Most people are aware of ATM skimmers, they know what to look out for and if you are careful it is unlikely that you will be fooled by one, but what if you can’t see the skimmer because it is not visible. There is a new form of skimmer being used, versions have been found in Europe, Mexico, Canada and in the USA. They are called shimmers and are a lot harder to notice. Scammers have been using them because of the difficulty in discovering them and their use in the copying of new chipped credit cards which are not vulnerable to conventional skimmers.
What Is A Shimmer?
Well, first let’s define a skimmer. When credit cards were first released they stored all their information in plain text, i.e. not encrypted, on the magnetic strip. This meant that if a scammer could scan the magnetic strip they could gather all the information they would need to replicate the card and use it for fraudulent purposes., but they needed access to the credit cards. Skimmers were the solution to this problem that scammers had, they were placed on ATMs guaranteeing people would be exposing their cards to the skimmer.
This technique was then picked up by banks and many security measures were added to credit cards to prevent skimming. These measures included encrypting the data and eventually the use of chips on the credit card. These chips require direct electrical contact and therefore are not vulnerable to magnetic scanners. A shimmer is the scammer’s response to chipped credit cards. A shimmer is a small piece of flexible printed circuit board (PCB) which can be inserted into the card slot of the ATM. By slipping the shimmer into the slot, the scammer is accomplishing two things. Firstly, they are hiding the shimmer making it more difficult to detect and therefore more likely to have access to multiple cards and secondly, the shimmer can sit between the card and the chip reader listening to all the communication happening between them.
These shimmers can gather enough data that the scammer could produce new magnetic strip clones based on this stolen data, luckily, they cannot replicate card into a chipped clone. The magnetic strip clones shouldn’t be able to be used for fraudulent transactions, but the problem is that some banks were negligent. They didn’t correctly implement the security features of the card, one of which being the integrated circuit card verification value (iCVV). This value is only stored on the chip and is different from the CVV stored on the magnetic strip. Banks are supposed to verify every transaction made by the card using the iCVV code, but some haven’t implemented this security feature and therefore leaving their customers vulnerable to shimmers.
What Can You Do?
Firstly, these shimmers are not very common and only a few have been detected around the world, but you should still be extra cautious. One of the easiest methods to ensure that you are not being shimmed is to use the tap-to-pay feature built into most credit cards nowadays. This prevents any direct electrical contact and the data transferred in these transactions is minimal, not enough to replicate the card.
Secondly, check with your bank if they have implemented iCVV as shimmers are common knowledge and banks should have already made steps to ensure they and you aren’t vulnerable. This should bring some peace of mind, because if iCVV is implemented then you are not vulnerable to a shimmer.
Finally, whenever using an ATM, feel how tight the credit card slot feels. If you must force your card at all, then there is likely something blocking the slot and you should use a different ATM.