Credit card skimmers have been a major form of fraud for many years. Threat actors use physical and digital skimmers to steal credit card numbers and PINs from innocent people at fast-food restaurants, gas stations, and many other places.
Physical Skimmer: A credit card skimmer is a device or software used to illegally capture credit card information from unsuspecting individuals. These devices are often installed on legitimate card readers, such as those found on ATMs, gas station terminals, or point-of-sale devices at retail stores.
Physical skimmers are typically small devices that are attached to card readers, often discreetly placed over the legitimate card reader or inside the machine itself. When a person inserts their credit or debit card into the compromised reader, the skimmer captures the card's magnetic stripe data The magnetic stripe data includes the card number, expiration date, and sometimes the cardholder's name. Some skimmers also have hidden cameras or overlays to capture PINs as they are entered.
For a long time, card users only had to worry about skimmers at physical locations where they were using their cards. As the internet and electronics evolve, so do the tactics and methods threat actors use. A new threat that card users are faced with is digital card skimmers.
Digital Skimmer: A digital skimmer, also known as a website or web skimmer, is a type of malicious code designed to steal payment information from websites. This type of skimmer typically targets e-commerce websites. The skimmer code is injected into the website's payment processing pages, often through vulnerabilities or security flaws.
Telegram has become a hotspot for threat actors who commit fraud. There are many public and private Telegram channels that either sell stolen credit card credentials or even send the data out for free. The image below is just one example of a Telegram channel that contains thousands of stolen credit card numbers. In this channel, the data is free to anyone. Just this one channel alone has over 5,000 subscribers.
The image below also shows an example of just how much data is being shared each day within these public and private Telegram channels. The timestamp shown on each message shares just how many messages are being sent within a single minute.
To prevent becoming a victim of skimming, whether it's physical or digital, here are some steps you can take:
Before inserting your card, give the card reader a quick inspection. Look for any loose parts, unusual attachments, or anything that seems out of place.
When entering your PIN at ATMs or point-of-sale terminals, cover the keypad with your hand to prevent hidden cameras or onlookers from capturing your PIN.
Regularly monitor your bank and credit card statements for any unauthorized transactions.
When making online purchases, only enter your payment information on secure websites with HTTPS encryption.
Stay informed about the latest skimming techniques and scams. Knowledge is the best defense against falling victim to skimmers.
With FraudXchange, your institution can gain the upper hand. Detect, prevent, and mitigate financial fraud while fostering cooperation with fellow member banks and credit unions. Learn more!