How to Spot and Avoid Credit Card Skimmers - PC Magazine

PC Magazine, By Fahmida Rashid

With all the recent headlines about point-of-sale malware infecting retailers and restaurants around the country, it's easy to forget the more common way cyber-criminals steal credit and debit card numbers: card skimmers. If you ever swipe your card at a gas station pump, withdraw cash from an ATM, or buy tickets from a vending machine, then you are at risk.

Cyber-criminals install skimmers, which are essentially malicious card readers that grab the data off the card's magnetic stripe, on to the real payment terminals so that they can harvest data from every person that swipes their cards. The thief has to come back to the compromised machine to pick up the file containing all the stolen data, but with that information in hand he can create cloned cards or just break into bank accounts to steal money.

"Classic skimming attacks are here to stay," and will likely continue to be a problem even after banks make the shift to chip-and-PIN cards, said Stefan Tanase, a security researcher at Kaspersky Lab. Even if the cards have a chip, the data will still be on the card's magnetic strip in order to be backwards-compatible with systems that won't be able to handle the chip, he said.

The typical ATM skimmer is a device smaller than a deck of cards that fits over the existing card reader. Most of the time, the attackers will also place a hidden camera somewhere in the vicinity with a view of the number pad in order to record personal-identification-numbers. The camera may be in the card reader, mounted at the top of the ATM, or even just to the side inside a plastic case holding brochures. Some criminals may install a fake PIN pad over the actual keyboard to capture the PIN directly, bypassing the need for a camera. Read more.