In the evolving world of financial frauds, Card Shimming is not new and represents a real and stealthy threat.
These small and virtually undetectable devices, installed inside legit ATMs card readers, are designed to steal data from chip-enabled credit and debit cards.
It’s important to note that even though we’re classifying it as a tourist scam, it might indiscriminately target anyone using tampered ATMs, as well as Payment terminals and Ticket Purchase Terminals or TVMs (like those at train stations or gas pumps, for example). Be sure to check the Extras and Thoughts and ATM&Co Related Scams at the end to learn more.
1) How it Works
As mentioned, Shims are thin devices inserted into the card slot of an ATM or card reader. When a card is inserted, the shimmer reads and stores the card’s data from its chip.
Unlike Skimmers (read more here), Shims are designed to steal data from chip-enabled cards and due to their size and placement inside the card slot they might be really hard to spot.
This, along with the fact that they do not disturb the normal operation of the ATM or Payment Terminal, makes this scam one of those we tend to notice too late.
2) What You Risk
Shims read and capture the payment chip data including the card number, expiry date, and other details embedded in the chip.
If scammers manage to get your PIN, they could use it for withdrawals and normal transactions.
Evene without, fraudsters could use the card data for online transactions and purchases.
3) How to Avoid it
Shims tend to be more elusive than Skimmers; it’s highly unlikely that you’ll be able to spot one while using an ATM or a Payment Terminal.
However, here is the advice we can give you:
– Stay vigilant when using ATM or Payment Terminal card slots. If the card slot appears tampered with, or if your card encounters resistance when entering, refrain from using the machine.
– Be cautious of potential fake keypads or hidden cameras targeting the original one. These are two of the ways scammers obtain the PIN.
– Use services that provide OTC (One-Time Code) or other verification methods to confirm online transactions.
For more advice on how to deal with this and other ATM scams, or at least limit the damage, check out our 6+1 Ways to Prevent Card Reader and ATM Scams and the rest of the series about ATM&Co below.
4) ATM&Co Related Scams
5) About the ATM and Card Reader Scams Series
As with most of the articles in this series, please keep in mind that:
- We’re trying to avoid redundancies, to learn more it’s advisable to read the rest of the posts (you can find them in the ATM&Co Related Scams section of this article, or under the Card Reader Scams tag).
- Although relatively rare, this kind of frauds could happen to anyone, tourists and non-tourists alike. It’s not only related to ATMs but any automatic payment column working with a card and PIN (like Payment terminals at gas stations or Tickets Vending Machines at train stations). It’s simply more likely to affect foreigners who may not know the safest areas or which machines to avoid.
Remember; the more you know, the better.
Content Disclaimer
All images are licensed under CC0, CC BY, or CC BY-SA and belong to their respective authors.