arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

Your source for the latest fraud intelligence, insights, research, and commentary.

What You Need to Know About Card Skimming Scams

The most successful fraudsters know how to attack when we have our guards down. In the case of card skimming, the scammer doesn’t even need to be present to steal card information. What’s scarier is they steal it from us at places we trust—ATMs, gas pumps, even restaurants. Learn how card skimming works, what card skimmers use to steal card information, and how to fight them.

What is Card Skimming?

Card skimming is a financial fraud involving the illegal capture of a victim’s card information using a device known as a skimmer. Once a fraudster skims a victim’s card information, they can use it to create cloned cards or use it for online transactions.

What are Card Skimming Devices?

Card skimming devices, or card skimmers, are small electronic devices that steal card information at points of sale. They’re designed to blend in with legitimate card readers, making them difficult to spot.

Hidden cameras, illegal components inside a card reader, and devices on top of the actual reader can all skim card information. Some fraudsters can build their own skimmers, but many choose to buy them on the black market.

Can Chip Cards be Skimmed?

Embedded microchips in cards enhance security and reduce the risk of card skimming. That’s because chip cards generate a unique transaction code for every sale, unlike magnetic strip cards. This also makes it harder to clone chipped cards even if the skimmer does get the card information.

Chip cards aren’t immune to credit card skimming, though. Fraudsters can still tamper with legitimate card readers and skim that way.

Can Contactless Cards be Skimmed?

Contactless cards are generally resistant to traditional skimming techniques. They use both encryption and verification to protect the card’s data and prevent skimming credit cards. But, like chip cards, no card is completely immune to card skimming tactics.

Sophisticated criminals have still found ways to exploit vulnerabilities in contactless card systems. Some have skimmers that can intercept communication between a card and the point of sale. That’s why card issuers track and address emerging threats to keep card technology a step ahead of skimmers.

Common Card Skimming Methods

There are many different types of card skimmers. The methods card skimmers choose depend on where they’re stealing card information from.

Physical or Overlay Skimmers

Physical credit card skimming devices go on top of legitimate card readers and blend seamlessly with their appearance. You’ll find these skimmers at ATMs, gas pumps, or other outdoor payment terminals. They capture the magnetic stripe data and often use a camera to capture the victim’s PIN.

Wireless Skimmers

For more secure cards like chip or contactless, advanced wireless skimming devices steal card data remotely. Fraudsters install them near a payment terminal, close enough to collect data without physical contact.

Internal Skimmers

When fraudsters break into a merchant’s systems or networks, they install malware that captures card data as it processes. This internal skimming is very difficult to spot and can affect a huge number of customers before its finally removed.

Card skimming scams to watch for

The scam is just as important to card skimming as the skimmer device itself. Here are some of the most prevalent card skimming scams to watch for:

Point-of-sale (POS) Skimming

This is when fraudsters use physical overlay skimmers to steal card information. How they do it depends on where the skimmer is going:

  • On ATMs, they attach overlays on the card reader and hidden cameras to capture PIN entry
  • On gas pumps, they break into the pump using master keys, then add a skimmer to the card payment slot
  • On handheld card readers at restaurants or bars, they can attach a skimming device or hack the handheld reader to capture card info

Card Trapping

Card trapping scams are similar to POS scams. The difference is instead of copying and saving the card information from the skimmer, the device traps the card so it won’t eject. Then they can come back later and take the cards they’ve trapped.

Online Skimming

Online skimming scams, or e-skimming, steal card information directly from e-commerce websites. Fraudsters add malicious code into payment pages that intercept card data at checkout. Sites without an SSL certification (https) are especially vulnerable to these attacks.

Bluetooth Skimming

Bluetooth skimmers capture and send stolen card data wirelessly. Fraudsters place them near tap to pay terminals so the skimmer can steal the card information as the victim pays. Because they can grab card data without direct physical contact, they’re one of the most flexible skimming methods.

Can AI Catch Card Skimming?

Artificial Intelligence (AI) plays a crucial role in combating card skimming. The machine learning tools enhance fraud prevention by spotting fraud patterns in vast datasets.

Platforms like Datavisor’s use cutting-edge AI algorithms to detect anomalies in customer behavior—even in real time. It detects card skimming specifically by flagging suspicious transactions, like multiple card uses in different locations within a short timeframe. It identifies the cards in these transactions and checks if they are stolen or have been cloned.

AI-powered platforms can continually evolve to improve detection accuracy and help fraud prevention teams stay one step ahead of fraudsters. They also unearth connected fraud and crime rings by creating device footprints of criminals. See how DataVisor’s AI powered fraud prevention catches card skimmers in real-time in a personalized demo.