What is Skimming and Digital Skimming?
Skimming. A skimming attack refers to an attack where a third party gains unauthorized access to your financial information through an ATM, fuel pump, or POS terminal. Skimming devices typically record the personal identification number (PIN) of the cardholder and store it on an attached microchip or magnetically on a strip of tape. The PIN can later be used to withdraw money from the account. Fuel pump skimmers are usually attached to the internal wiring of the machine and are not visible to the customer. ATM and POS skimmer devices usually fit over the original card reader and can include pinhole cameras or keypad overlays to record PINs.
Tips to protect from skimming attacks [1]:
- Choose a fuel pump that is closer to the store and in direct view of the attendant. These pumps are less likely to be targets for skimmers.
- Run your debit card as a credit card. If that’s not an option, cover the keypad when you enter your PIN.
- Consider paying inside with the attendant, not outside at the pump.
- Inspect ATMs, POS terminals, and other card readers before using. Look for anything loose, crooked, damaged, or scratched. Don’t use any card reader if you notice anything unusual.
- Pull at the edges of the keypad before entering your PIN. Then, cover the keypad when you enter your PIN to prevent cameras from recording your entry.
- Use ATMs in a well-lit, indoor location, which are less vulnerable targets.
- Be alert for skimming devices in tourist areas, which are popular targets.
- Use debit and credit cards with chip technology. In the U.S., there are fewer devices that steal chip data versus magnetic strip data.
- Avoid using your debit card when you have linked accounts. Use a credit card instead.
- Contact your financial institution if the ATM doesn’t return your card after you end or cancel a transaction.
- Scan for vulnerabilities regularly
- Take inventory of your attack surface
- Follow web-app security best practices
- Conduct penetration tests
[1] FBI, 2022, “Skimming”