Browse Definitions :
Definition

card skimming

Contributor(s): Matthew Haughn

Card skimming is the theft of credit and debit card data and PIN numbers when the user is at an automated teller machine (ATM) or point of sale (POS).

Card skimming allows thieves to steal money from accounts, make purchases and sell card information to third parties for the same purposes. Generally, the exploit involves modified payment card reader hardware that fits over an existing genuine payment device or ATM. The phony reader collects and passes on payment card information for retrieval by the thief. PIN numbers may be retrieved with a keypad overlay or a hidden camera.

Another possibility is shoulder surfing, in which the thief pretends to be just another person waiting to use the machine and watches the victim enter the code. In systems that use Bluetooth to transmit card data wirelessly, such as some mobile POS, a thief may also be able to eavesdrop on transactions that aren’t adequately protected.

A lack of public awareness about the issue allows card skimmers to be successful. To protect yourself from the exploit, you should be alert to your surroundings when making any transactions and take note of changes to known ATMs and card readers or anything out of the ordinary in the environment.

If an ATM or POS seems suspect, you should refrain from making a transaction and report anything suspicious to the owner. To protect yourself from RFID skimming, which allows thieves to steal card information from a distance, it may be advisable to carry cards in holders made from materials that block wireless signals.

This was last updated in January 2017

Continue Reading About card skimming

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • identity provider

    An identity provider is a system component that is able to provide an end user or internet-connected device with a single set of ...

  • firewall

    A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a ...

  • encryption

    Encryption is the method by which information is converted into secret code that hides the information's true meaning. The ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

Close