Harrisburg, PA – With the holiday shopping season’s arrival, many of us will find ourselves withdrawing cash from ATMs, filling up our gas tanks for busy shopping days or holiday travel, or making payments at credit card terminals. As technology and financial scam artists become more sophisticated, Secretary of Banking and Securities Robin L. Wiessmann is warning Pennsylvanians to be on the lookout for a variation of an old trick for stealing your payment information.
Card “shimmers” are a newer version of the more commonly known card “skimmers” financial scam. Rather than collecting your payment information from the swipe of your credit or debit card’s magnetic stripe, the criminal steals your information from the card’s EMV chip when it is inserted into the machine’s slot. This is done with help from a shim – a paper-thin, card-size device embedded with a microchip or flash storage inserted directly into the machine’s card slot. The shim then reads and stores your payment information until the scammer can return to collect it.
“Unlike card skimmers – which can be easier to spot with a physical inspection of your ATM, gas pump, or store payment device – shims can be harder to detect due to their paper-thin size and concealment inside of the machine,” warns Wiessmann. “Exerting a little extra effort and due diligence can go a long way in helping protect your personal financial information from scammers, who can value your personal information more than money.”
Wiessmann suggests the following tips to protect yourself from card “shimmers”:
- Defer to “tap-and-go” or contactless payment methods. Advances in technology have made it easier to make payments while avoiding skimming and shimming risks. Many credit cards offer a “tap-and-go” feature that do not require inserting or swiping your card. Services like Apple Pay and Samsung Pay are similarly used in a tap-and-pay manner. If you do swipe or insert your card, consider using your credit card instead of debit card to avoid compromising your PIN and to gain other consumer protections.
- Watch statements and account activity carefully. Regularly look through your credit card and bank account transactions to catch any errant transactions. You can request a free copy of your credit report [PDF] from each of the three nationwide credit reporting companies once a year. Consider pulling from one of the companies every four months to keep a regular eye on the activity.
- Heed the warning of ATM or payment terminal troubles. ATMs in low-traffic, poorly lit areas and those that are freestanding are more likely to be targets for fraud devices. The same is true of payment terminals inside of stores located near employees; although shimming devices can be present within a store, you are less likely to find one there than at an unmanned, hard-to-observe machine. If someone ahead of you is taking an unusual amount of time at the ATM and is acting suspiciously, do not use that machine and report it to law enforcement. Most importantly, if you have trouble removing your card from the machine or it gets completely stuck, contact the institution and law enforcement immediately to report the issue.
- Use your bank’s services. Whenever possible, use the ATM inside of a bank which are less susceptible to shimmers or withdraw money directly from a bank teller.
- Guard the keypad. Use your hand to cover your PIN number to conceal it from a person in line behind you or the view of any planted cameras.
If you believe you have been the victim of a card “shimmer” or “skimmer,” file a report with local or state police [PDF] and report the incident to the card issuer.
Throughout the week, the Department of Banking and Securities has been highlighting financial scams that may impact holiday shoppers – the Tech Support Scam, Grandparent Scam, and fake banking apps – and ways consumers can protect themselves.
Anyone can contact the Department of Banking and Securities at 1-800-PA-BANKS or 1-800-600-0007 to ask questions or file complaints about financial transactions, companies, or products. Members of the public are also invited to connect to the department through Facebook and Twitter.