The EEFCU would like to share some information with you regarding a credit/debit card shimming. The following is a part of an article from Krebs Security that we believe explains shimming and offers ways to protect yourself.
As the US banks continue to make the shift to chip-based credit and debit cards, a new form of card skimming called “shimming” is becoming more prevalent. Shimming attacks are not new, but as banks in the United States shift to issuing chip-based cards an increase will be seen. Here’s a brief primer on shimming attacks, and why they succeed.
Most skimming devices made to steal credit card data do so by recording the data stored in plain text on the magnetic stripe on the backs of cards. A shimmer, on the other hand, is so named because it acts a shim that sits between the chip on the card and the chip reader in the ATM or point-of-sale device — recording the data on the chip as it is read by the underlying machine.
Data collected by shimmers cannot be used to fabricate a chip-based card, but it could be used to clone a magnetic stripe card. Although the data that is typically stored on a card’s magnetic stripe is replicated inside the chip on chip-enabled cards, the chip contains an additional security components not found on a magnetic stripe.
The reason shimmers exist at all is that some banks have apparently not correctly implemented the chip card standard, known as EMV (short for Europay, Mastercard and Visa). As banks continue to implement and update, a decline in shimming fraud should be seen.
Once you understand how stealthy these ATM fraud devices are, it’s difficult to use a cash machine without wondering whether the thing is already hacked. The truth is most of us probably have a better chance of getting physically mugged after withdrawing cash than encountering a skimmer in real life. However, here are a few steps we can all take to minimize the success of skimmer gangs.
-Cover the PIN pad while you enter your PIN.
-Keep your wits about you when you’re at the ATM, and avoid dodgy-looking and standalone cash machines in low-light areas, if possible.
-Stick to ATMs that are physically installed in a bank. Stand-alone ATMs are usually easier for thieves to hack into.
-Be especially vigilant when withdrawing cash on the weekends; thieves tend to install skimming devices on a weekend — when they know the bank won’t be open again for more than 24 hours.
-Keep a close eye on your bank statements, and dispute any unauthorized charges or withdrawals immediately.
© 2017 Krebs on Security.