What is skimming? – Data Security Terminology


In the realm of data security, “skimming” refers to a malicious practice wherein unauthorized individuals obtain sensitive information from credit card or debit card transactions. Skimming is often performed by installing electronic devices or software on legitimate payment terminals, ATMs, gas pumps, or other devices that process card payments.

These devices, known as skimmers, are designed to discreetly capture the cardholder’s data, including the card number, expiration date, and in some cases, the cardholder’s name. Skimming is a form of identity theft that allows criminals to create counterfeit or cloned cards, make unauthorized purchases, or even access the individual’s bank account.

Skimming can occur in various settings, from physical terminals to online platforms. Here are a few common methods that skimmers employ:

1. Physical Skimming

In physical skimming, criminals tamper with legitimate card reading devices to steal card information. They typically attach skimming devices over the genuine card reader or replace the reader entirely. An unsuspecting card user will find these devices almost impossible to detect.

For example, a skimmer can be affixed to an ATM’s card slot, and a camera or a fake PIN pad overlay is installed to capture the user’s PIN code. The skimmer records the card data, and the camera captures the PIN code, allowing the criminals to access the victim’s account.

2. Virtual Skimming

Virtual skimming, also known as online skimming or Magecart attacks, occurs on e-commerce websites. Cybercriminals inject malicious code into the website’s payment processing pages, which secretly captures the cardholder’s data during the checkout process.

This method of skimming is particularly alarming because customers are virtually unable to detect any suspicious activity while making online purchases. The compromised website continues to operate normally, leaving the skimming code undetected by the website administrators and security systems.

3. Contactless Skimming

Contactless skimming involves using NFC (Near Field Communication) readers or mobile applications that can remotely capture the card’s data without physical contact. Criminals with these devices can obtain card information by merely passing near the victim, as long as the victim’s card has contactless payment capabilities.

It’s essential to note that contactless card technology is generally secure and employs encryption to protect the cardholder’s data. However, instances of skimming can still occur in situations where security measures are compromised or vulnerable.

Protecting Yourself from Skimming Attacks

To safeguard against skimming:

  • Physically inspect card readers and terminals: Before inserting your card, check for any loose or suspicious attachments, or any signs of tampering.
  • Use secure online payment gateways: Ensure that the website you are transacting with has implemented security measures such as SSL encryption.
  • Regularly review your banking transactions: Keep an eye on your bank statements and immediately report any unauthorized activity to your financial institution.
  • Use contactless cards with caution: While contactless cards offer convenience, be cautious of where and how you use them.
  • Enable transaction alerts: Set up notifications to receive alerts for every transaction made with your card.

By staying vigilant and taking precautionary measures, you can significantly reduce the risk of falling victim to skimming attacks and safeguard your sensitive cardholder information.
