What Is a Credit Card Skimmer? How To Spot & Avoid Skimming

What Is a Credit Card Skimmer?

A credit card skimmer is a small device that someone illegally attaches to card readers at a point-of-sale (POS) or on an automated teller machine (ATM) to steal credit or debit card data.

Whenever you insert your card, the skimmer can record your name and account number — and may even steal your PIN code. Since skimmers are often placed as overlays over the original card slot or the keypad, they may be hard to spot.

Card skimming in the United States surged by 700% in the first half of 2022 [*]. According to the Federal Bureau of Investigation (FBI), the problem costs financial institutions and consumers over $1 billion annually [*].

{{show-toc}}

How Do Credit Card Skimmers Work?

The black magnetic stripe on the back of a credit or debit card — also known as a magstripe — contains encoded information about the card and its linked account. A credit card skimmer can read the magstripe, giving thieves unbridled access to its data, which includes:

• Cardholder's name: An essential aspect of identity scams that enables thieves to make fraudulent transactions or create counterfeit cards in your name.
• Card number: The unique 16-digit number or primary account number (PAN) that is required to make purchases.  
• Expiration date: Another indispensable element for transactions, thieves can use this data to create a functional counterfeit card or to dupe customer support staff on scam calls to the card issuer.
• Security code (CVV/CVC): Before confirming online purchases, thieves will need to enter a three-digit security code found on the back of your card (or a four-digit code on American Express cards). 

Some perpetrators also steal PIN codes by installing inconspicuous cameras. A counterfeit overlay number pad — that records numbers when people type — is another ploy. 

Basic skimmers require the thief to return to the ATM or POS to retrieve the device. However, advanced devices enable remote access to transmit stolen data wirelessly to a laptop or smartphone. 

In March 2023, an organized group attempted to install a credit card skimmer at a local grocery store in South Bakersfield [*]. 

While two individuals created distractions by posing as customers, a third person discreetly placed a skimmer on the ATM. Shortly thereafter, customers began facing difficulties when inserting their cards, prompting the business owner to uncover the illicit device.

{{show-cta}}

Where Are Credit Card Skimmers Found?

Thieves place credit card skimmers in various locations, including:

• ATMs — A common target, especially if it’s on an isolated street. Criminals have more time to set up hidden cameras or fake keypads to capture your PIN. 
• Gas station skimmers are high-risk, as thieves can install the devices internally, making them harder to detect.
• POS skimmers can be concealed within the point-of-sale terminals or handheld devices at retail stores or restaurants — possibly even by pliable staff members.
• Outdoor vending machines may have skimmers placed over the card reader, or they could be inserted into the card slot.
• Self-checkout kiosks are another prime location for skimmers, as they service customers using cards without the oversight of staff members.
• Train or metro station ticket machines may also attract thieves that lurk in high-traffic areas.

⛳️ Related: The 7 Latest Chase Bank Scams (and How To Avoid Them) →

What Does a Skimmer Look Like?

Skimmers come in various shapes and sizes, most of which are hard to spot. Here are seven types of credit card skimmers.

• Card-reading overlays are placed over the original card slot of an ATM or payment terminal to record your card information as you swipe or insert it into the machine. As these overlays blend in with the design, they’re hard to discern.
• PIN-capture overlays fit on the keypad of a payment device to record your PIN as you type. 
• Fake ATM faceplates are entire false fronts attached to an ATM. These larger devices require more time to install and include both card-reading and PIN-capture devices.
• Well-placed cameras positioned discreetly near a payment terminal or ATM can record your card number and PIN. These cameras can be as small as a pinhole and invisible to the naked eye.
• Wireless devices use Bluetooth technology to read card information and transmit it to a “watcher” who may be using a laptop in a nearby parking lot or house. 
• Shimming devices with memory are slim devices that con artists insert into the card reader slot to furtively access the data on chip-enabled cards. 
• E-skimmers are a form of credential-stealing software that cybercriminals insert into a retailer's website. Also known as web skimmers, these malicious programs intercept card information from chip-based cards at the online checkout.

What Happens When Your Card Is Skimmed?

Once thieves steal your card information, you may be poised for various types of fraud. Scammers could use your card information to make purchases online or in shops, or withdraw cash from an ATM.

Criminals can even use the stolen data to create counterfeit credit cards and run up debts in your name. Keep an eye out for the warning signs of credit card skimming:

• Unauthorized charges on your credit card statement: Have you discovered some purchases at an unfamiliar store or in a city that you’ve never visited? These are sizable red flags.
• Notifications from your bank: Watch out for bank alerts about overdraft use, insufficient funds, or account freezes due to suspected fraud. Pay attention to notifications about changes to your online banking account, as someone might be exploiting your card information.
• Unfamiliar entries on your credit report: Regularly check your credit report for any unusual transactions or credit inquiries. If you notice anything out of the ordinary, you might have been targeted by a credit card scam.
• Merchants declining your card: An unexpected rejection at a store or restaurant POS should raise an alarm. It could be a sign that someone has skimmed your card and emptied your account.
• Unexpected mail with a replacement card: Did you receive a replacement card well in advance of your current card’s expiry date? Get in touch with the card issuer to make sure everything is bonafide. 
• Unsolicited texts, calls, or emails: Fraudsters often impersonate bank or credit card issuers with phishing attempts. Familiarize yourself with the signs of phishing emails and text messages to protect your personally identifiable information (PII).

⛳️ Related: How To Spot a Chase Phishing Email (5 Examples) →

To Prevent Credit Card Skimming, Do This

1. Inspect for signs of skimming devices
2. Check for a gas pump security tape
3. Pay at the cash register
4. Use credit cards instead of debit cards
5. Choose an ATM that you trust
6. Protect your PIN
7. Check your monthly statements

1. Inspect for signs of skimming devices

Before you insert your card, always examine the card reader for signs of a credit card skimmer.

• The keypad feels uneven or soft to touch.
• The machine is dented or looks tampered with.
• There are loose wires or a camera above the keypad.
• Some parts look off-alignment or detached from the rest.
• Some parts feel loose when you grab and wiggle the device. 
• Some parts are a different color or style than the rest of the machine.

If parts of the credit card reader look or feel out of place, it’s best to avoid using it and find another option. 

2. Check for a gas pump security tape

In April 2022, three men were sentenced in San Diego for their role in a $1 million card skimming scheme [*]. The thieves targeted gas pumps nationwide to steal credit card data and raid victims’ accounts. 

Here’s how to minimize the risk of skimming at gas stations:

• Check the tamper stickers on the fuel pump. If the tape is broken, there’s a chance that someone has been tampering with it to install a skimming device. 
• Consider paying with a mobile app. You can avoid skimming by using a gas payment app or other contactless options like Apple Pay.
• Report any suspicious activity. By notifying the staff members, you can prevent other patrons from having their details stolen.

3. Pay at the cash register

Whenever possible, pay directly to a cashier instead of using self-service machines at supermarkets or gas stations. Although it's less convenient, paying a person is usually less risky. If there is an issue with the card reader, having a staff member witness your payment could help resolve the situation.

4. Use credit cards instead of debit cards

When using payment terminals, it’s always better to use credit cards, as debit cards don’t have the same fraud protections. Here are three reasons why:

• The Fair Credit Billing Act (FCBA) protects consumers from fraudulent purchases made on credit cards. Victims are only liable for a maximum of $50 of any unauthorized charges [*]. 
• Most modern credit cards store data on embedded EMV (Europay, Mastercard, and Visa) chips. These cards are harder to clone, making them safer than cards with magstripe technology.
• The encryption technology of EMV cards ensures secure transmission during contactless payments. This makes it harder for scammers to create counterfeit cards with stolen card numbers.

⛳️ Related: Help! My Debit Card Was Charged For Something I Didn't Buy →

5. Choose an ATM that you trust

Fraudsters tend to target ATMs in secluded areas, as it’s easier for them to remain undetected when installing a credit card skimmer. Stick to machines in highly visible, well-lit areas, like inside banks or busy convenience stores‌. 

6. Protect your PIN

In 2022, many New York financial institutions reported discoveries of “deep insert” skimming devices [*]. These ultra-thin devices were paired with pinhole cameras that thieves disguised in fake ATM panels.

Regardless of other precautions that you take to avoid skimming, always hide the PIN pad as you type in your code.

7. Check your monthly statements

Getting into the habit of regularly reviewing your financial records can help you spot early signs of fraud. Every month, study your bank and credit card statements for any unauthorized transactions.

If you find anything untoward and want to dispute a credit card charge, report the issue to your bank or card issuer.

⛳ Related: How To Prevent Credit Card Fraud: 10 Essential Steps →

What To Do If Your Card Was Skimmed

If you think your credit card was compromised, you need to act fast to stop further fraud. Here’s what to do.

Alert your credit card issuer and dispute charges

• Request to block the account and cancel the card. Putting a hold on the account will stop further fraud.
• Dispute any unauthorized charges. Many U.S. banks, including American Express, Chase, and Discover, offer zero fraud liability. This $0 liability policy ensures that the cardholder will not be liable for any fraudulent charge [*]. 
• Review your rights against unauthorized charges. Should you face difficulties with card issuers, you can get more information on the Consumer Financial Protection Bureau (CFPB) website. After making the initial report, follow up with the financial institution within 15–30 days. 

Place a credit freeze on your report

Next, contact each of the three major credit bureaus — Equifax, Experian, and TransUnion — to request a credit freeze on your report. This security measure stops anyone from accessing your credit file or opening new accounts in your name.

File a report with the FTC

The Federal Trade Commission (FTC) investigates identity fraud across the United States. You can file an identity theft affidavit online at IdentityTheft.gov. The FTC will provide you with an official report along with guidance on recovering from the fraud.

Contact your state’s consumer protection division

The FTC's Bureau of Consumer Protection stops unfair, deceptive, and fraudulent business practices. These departments investigate fraud and advise consumers and businesses about their rights and responsibilities. You can find the contact details for your state's nearest consumer protection offices at USA.gov.

Monitor your accounts for fraud

26% of people who fall prey to identity theft are repeat victims[*]. If you’ve been targeted once, take extra care to do the following:

• Set up alerts on your bank and credit card accounts to notify you of any transactions over your desired preset limit.
• Watch for any suspicious or unauthorized activity. Thieves may attempt small transactions to test the card before making bigger transfers or purchases. 
• Use monitoring services to protect your accounts. Aura offers 24/7 financial fraud protection with credit monitoring, bank account monitoring, and a one-tap credit lock. 

Report fraud to local law enforcement

Once your financial institution confirms that you’re a victim of fraud, you can report the crime to your local police. This step is essential if skimming happens somewhere in your locality. Bring your FTC report and any supporting evidence to help police investigate the incident and stop others from falling victim.

⛳️ Related: Did Scammers Use Your Credit Card? Take These 10 Steps Now →

Don’t Let Skimmers Steal Your Money. Aura Can Help.

If you fall victim to credit card skimming, it can result in financial losses, wasted time, and considerable inconvenience as you work to recover from the fraud.

To protect yourself from this increasing threat, consider signing up for Aura's financial fraud protection solution. As a member, you'll have access to the following benefits:

• 24/7 three-bureau credit monitoring with fraud alerts that are up to 250 times faster than other digital security providers ^[3].
• Virtual private network (VPN) and antivirus software to protect your devices against e-skimming, malware, spyware, and other ransomware threats.
• Dark Web monitoring scans the internet in real-time and alerts you if any of your credit card information or personal data is circulating on the Dark Web.
• $1,000,000 insurance policy for every adult member on your plan to cover eligible losses due to identity theft, such as stolen funds, credit cards, and passports.
• White Glove Fraud Resolution Specialists that provide U.S.-based 24/7 support to help you navigate banks, creditors, and government agencies.

Aura is free for 14 days. Start your trial today →