How to Avoid Shimming

Skimming and shimming and scams, oh my!

Keep a few security measures in mind when shopping with credit and debit cards. While many consumers are well-versed in the perils of skimmers, they may not realize that criminals have upgraded their tactics with Skimmer’s evil cousin — the Shim. What’s the difference between the two?

The Pennsylvania Department of Banking and Securities provides clarity. “Skimmers are malicious card readers often attached to an actual payment terminal that can gather data from a credit or debit card’s magnetic stripe when inserted or swiped.” Skimmers can be easily seen on the outside of the payment center at a gas station or retailer, or on the outside of an ATM. Shimmers, however, are much better at going incognito. “A shim is a paper-thin, card-size device embedded with a microchip or flash storage inserted directly into the machine’s card slot. The shim reads and stores payment information until the scammer can return to collect it.” Criminals employ both methods to harvest the personal data they need. Here are a few simple ways consumers can protect themselves:

Embrace ‘tap-and-go’ technology.

Tap-and-go technology allows consumers to make payments using credit cards or services such as Apple Pay, Samsung Pay, Android Pay, or Google Pay without swiping or inserting their cards. This adds a nice layer of protection because magnetic strips and chips are never compromised, and PIN numbers do not need to be entered.

Guard PIN numbers.

When it comes to guarding PIN numbers, channel the power of a nerd desperately shielding their test answers from classmates with wandering eyes, or the vigor of a mother bear protecting her cubs from prey. That PIN number is an essential piece of the puzzle when it comes to identity theft. Never share it with anyone, and cover the keypad when entering it at the checkout or at an ATM to shield it from hidden cameras and others waiting in line.

Use ATMs inside bank vestibules.

Whenever possible, use ATMs housed inside a bank, or on the premises of a bank, for an extra layer of protection. Be sure the area is well-lit with heavy traffic, and be aware of the surroundings.

Do a quick inspection.

PC Magazine recommends consumers conduct a quick inspection of ATMs and retail card readers. “Check for some obvious signs of tampering at the top of the ATM, near the speakers, the side of the screen, the card reader itself, and the keyboard. If something looks different, such as a different color or material, graphics that aren’t aligned correctly, or anything else that doesn’t look right, don’t use that ATM.” Other signs of trouble may include:

• A keyboard that feels odd (perhaps too thick) because an overlay designed to steal PIN numbers has been installed on the machine;
• Noticeable differences in ATMs situated next to each other, such as a flashing light at the card insertion point on one machine, and no light on the other. This may be a sign that the flashing light on the dark machine is being covered up by a shim; and
• Loose parts on a machine could be a sign of tampering. Wiggle everything to ensure the keypad is securely in place.

Review bank and credit card statements, and credit reports.

Online banking makes it easier than ever to monitor bank statements. Check bank and credit card statements regularly to ensure that all transactions are accurate. If something looks amiss, contact the bank or credit card company immediately. Check credit reports periodically, too.

Consumers who believe they have been the victim of a card skimmer or shimmer should also contact local or state police to file a report.

Learn More

Fidelity Bank has multiple local branch offices throughout Northeastern Pennsylvania and the Lehigh Valley, and our full-service Client Care Center is at your service 7 days a week. Call or visit your local branch office today.