May 2017

ATMs. Gas pumps. Self-checkout payment pads. What do all three have in common? All of them can be physically hacked by scammers to enable them to skim your credit or debit card information—and that kind of hacking is unfortunately on the rise.

Skimming, to give you a brief overview, requires perpetrators to place some sort of device either on top of existing card-reading equipment or beneath the surface, hooked into the card reader’s computer. That equipment, often used along with a pinhole camera of some sort, is used to grab your card information as soon as you swipe your card, and capture video as you enter your PIN. The hackers can later download the card numbers and matching PINs they’ve collected, and then they can either sell the information on the dark web or use it to create fake cards.

While skimming devices are becoming more and more sophisticated and therefore more difficult to detect, there are a number of things you can do to protect yourself.

1. 1. 1. Use your credit union or bank ATM. Reliant and other financial institutions have systems in place that can detect tampering. We also monitor and inspect our ATMs carefully and frequently.
      2. Know the ATM you use. If you frequently withdraw cash from a particular machine, inspect that machine to familiarize yourself with the look of the machine. Look for changes in cleanliness around the card reader, which could indicate it has recently been cleaned to allow the skimming device to be affixed. Look for marketing messaging that’s covered up that had been fully visible. A financial institution wouldn’t cover its marketing messages.
      3. Cover the keypad when you’re entering your PIN. When a pinhole camera is used, it’s placed in a location that allows it to capture your hand striking the keys as you enter your PIN. If you shield the keypad from view, you’re preventing hackers from capturing that data to connect with your card number. Use your credit union or bank ATM. Reliant and other financial institutions have systems in place that can detect tampering. We also monitor and inspect our ATMs carefully and frequently.
      4. Look for things that protrude around the card reader and jiggle them—they shouldn’t budge. When hackers install skimming equipment externally, they’ll often use double-sided tape or something similar, so their card readers tend to move a little if you jiggle them. Permanent equipment shouldn’t have any give to it.
      5. Look for broken stickers on the gas pump or ATM. When a hacker adds equipment internally, rather than externally, he may break stickers that cover the seam in the façade of the pump or ATM, so any broken sticker could indicate the machine has been tampered with.

If you see a card reader or ATM that is suspicious in any way, don’t use it, and report your concerns to the financial institution or proprietor of the business where the ATM or point-of-sale device is located. If you fear you’ve recently used a machine that you are now concerned may have been compromised, make sure to closely monitor your account, and sign up for credit card alerts or account alerts if you haven’t already.

Additional Reading on Skimming

• • “Would You Have Spotted the Fraud?” from Krebs on Security
  • “How to Spot and Avoid Credit Card Skimmers” from PC Mag

As always, thank you for your membership!

Pamela Heald
President & CEO