Credit Card “Shimming”: The New Skimming

However, credit card shimming is the latest development in the skimming tricks, which has only emerged in the last couple of years.

Credit card skimming is the act of utilizing a device to capture credit card details from clients as they pay for their fuel, withdraw cash from an ATM, dine at a restaurant, and other multiple places. Criminals can then emulate an actual credit card and make unauthorized purchases on the card. Now, there is a new method of credit card fraud called shimming.

What is Credit Card Shimming?

The last method employed by thieves in their operations is shimming. It entails the physical placement of a slender nearly immeasurable gadget right inside the card reader slot. This shimmer is intended to read data from the magnetic stripe once the credit card is swiped through the tainted reader.

Shimmers record the entire track data including the card number, the expiration date, and the internal verification code. They can then create fake cards and use them to purchase goods or even get cash from the ATM. The whole process takes a very short time which leaves the cardholder with no clue that his or her data was stolen.

How Shimming Devices Work?

Shimming devices include a circuit board microprocessor battery and flash storage. They are made thin enough to fit in the card reader slot unnoticed or inserted in the data slot of a computer. The shimmer lies idle as if just waiting to be activated by a credit or debit card. At this point, the device gets activated and starts snapping all the information stored in the magnetic stripe of the card.

Shimmers do not have their power supply. The swipe motion creates enough electromotive force to trigger the shimmer and copy the contents of the card. Once the data gets stolen it gets encrypted and then stored in the flash memory drive of the device. The criminals return later to take the device and collect all the stolen credit card details.

Advantages Over Skimmers

Credit card shimming has a few key advantages over old-fashioned skimming.

  • It is very hard to spot - The shimmer merges well within the card reader. One of the features is that unless it is looked at very closely it is extremely difficult to notice by merchants or customers. These enable the devices to siphon data for weeks or even months before they are detected.
  • Skimmers do not need to send information – unlike most POS malware, Skimmers require the stolen data to be sent through Bluetooth or cellular connection to the criminals. Shimming devices keep data within the device, thus, it does not transmit any wireless signal that may cause attention.
  • Assignments related to new EMV chip cards – EMV credit cards have microchips to enhance their security. Despite EMV technology eliminating cloned magnetic stripe counterfeits shimmers manage to steal the card and verification data required in conducting fraudulent in-store purchases.
  • Higher price for stolen data – Since shimmers are capable of capturing highly sensitive internal data they can fetch a higher price when sold in the black market. While skimmed cards are likely to cost between five and ten dollars, shimmed cards can be sold for twenty dollars or more.
  • Alina: Difficult to prove theft – Even if a merchant finds the shimmer there may be no evidence of past stolen payment card data. This makes it difficult to report a data breach which assists the criminals in avoiding prosecution.
Increased Financial Loss

Regrettably credit card shimming results in a great loss of cash to the consumers’ merchants and banks. These schemes take time to be discovered such that thousands of cards are already being stolen before the culprits get arrested with the shimmer device. They then produce large quantities of fake cards and quickly cash them through various scams.

Consumers are left to their fate with hundreds or thousands of dollars in charges made through fraudulent means. When those charges are levied the process of getting them reversed takes a lot of time, energy, and stress to have them undone. It is also important to note that merchants suffer from high chargeback rates and penalties from credit card issuers. Banks are also on the receiving end through losses through all the fraud claims chargeback costs as well as reissued cards.

Shimmers are essentially thin flakes that allow hackers to gain access to an organization’s network by exploiting vulnerabilities in its system or infrastructure.

Paying attention to the need to combat shimmers is crucial not only to the consumer but also to the merchant. Customers should take these steps.

  • Do not blink as your card is being swiped. In case you notice anything strange with the card reader inform the merchant.
  • Review statements at least once a week to see if any charges are unfamiliar to the account holder. Inform your bank about any transaction you did not authorize immediately.
Merchants should
  • Check card readers daily including tamper-proof tape. This involves searching for anything loose, damaged, or added to the object.
  • It would be helpful to replace the payment terminals with those that offer better security measures against fraud.
  • Raise awareness and teach staff how to recognize shimmers and report if they see or suspect anything.

Thus, you should enforce rigorous security measures to limit physical access to terminals and POS locations.

Consumers, merchants, and financial institutions have to join forces to contain the threat that shimming attacks pose. This involves refining measures to protect information educating employees to observe for assaults and informing each other of fresh types of scams. Therefore, the payments industry should be keen and remain progressive to overcome sophisticated threats such as credit card shimming.

Ready to boost your credit score? Call +1 888-804-0104 now for the best credit repair services near you! Our expert team is here to help you achieve financial freedom and improve your credit. Don't wait—get started today!

Related Stories