Browse Definitions:

card skimming

Contributor(s): Matthew Haughn

Card skimming is the theft of credit and debit card data and PIN numbers when the user is at an automated teller machine (ATM) or point of sale (POS).

Card skimming allows thieves to steal money from accounts, make purchases and sell card information to third parties for the same purposes. Generally, the exploit involves modified payment card reader hardware that fits over an existing genuine payment device or ATM. The phony reader collects and passes on payment card information for retrieval by the thief. PIN numbers may be retrieved with a keypad overlay or a hidden camera.

Another possibility is shoulder surfing, in which the thief pretends to be just another person waiting to use the machine and watches the victim enter the code. In systems that use Bluetooth to transmit card data wirelessly, such as some mobile POS, a thief may also be able to eavesdrop on transactions that aren’t adequately protected.

A lack of public awareness about the issue allows card skimmers to be successful. To protect yourself from the exploit, you should be alert to your surroundings when making any transactions and take note of changes to known ATMs and card readers or anything out of the ordinary in the environment.

If an ATM or POS seems suspect, you should refrain from making a transaction and report anything suspicious to the owner. To protect yourself from RFID skimming, which allows thieves to steal card information from a distance, it may be advisable to carry cards in holders made from materials that block wireless signals.

This was last updated in January 2017

Continue Reading About card skimming

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats


  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...


  • cloud ecosystem

    A cloud ecosystem is a complex system of interdependent components that all work together to enable cloud services.

  • cloud services

    Cloud services is an umbrella term that may refer to a variety of resources provided over the internet, or to professional ...

  • uncloud (de-cloud)

    The term uncloud describes the action or process of removing applications and data from a cloud computing platform.


  • federated identity management (FIM)

    Federated identity management (FIM) is an arrangement that can be made among multiple enterprises to let subscribers use the same...

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, ...

  • firewall

    In computing, a firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or...




  • bad block

    A bad block is an area of storage media that is no longer reliable for storing and retrieving data because it has been physically...

  • all-flash array (AFA)

    An all-flash array (AFA), also known as a solid-state storage disk system, is an external storage array that uses only flash ...

  • volume manager

    A volume manager is software within an operating system (OS) that controls capacity allocation for storage arrays.


  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.