What is debit card skimming?

Posted on by

My friend did not use her debit card very often. But one day her financial institution’s fraud department alerted her that that her card was being used to simultaneously charge $1000 at a truck stop in El Paso AND charge hundreds of dollars at various home furnishing stores in Rockwall. My friend was in neither place while those debits were occurring. Fortunately, after filling out and signing some forms, she was able to get her money back. But what happened? And how do you prevent it?

In her case, there were a couple of possibilities. She had recently used the card to buy lunch at a restaurant in the area. As is typical in these types of establishments, her card was out of her sight for a few minutes while the debit transaction was being processed. The server could’ve used an easily concealable handheld device to “skim” the card and store the information for later use. Skimmers are easily available online and can be used in situations like this to steal card information.

Another possibility is that she used her card to “pay at the pump” for gas. Although we take for granted that these self-serve payment devices will always be safe and secure, that is not always the case. In 2012, a California man was sentenced to 20 years here in Fort Worth for his part in a massive card skimming scheme that focused on gas stations. In this situation the pump itself was tampered with and the skimmer placed inside. They collected card information and stored them until the device could be retrieved by the criminals.

At that point, the numbers are either used by the criminals themselves to make cards and purchase goods that can be sold, or—more likely—sold in online exchanges that traffic stolen card numbers. Debit fraud has become big business in the criminal world. The Federal Reserve Bank estimated that debit card losses in the U.S. reached $1.38 billion in 2011, with signature-required transactions accounting for the vast majority of the losses. In my friend’s case, the criminals tipped their hand by allowing the number to be used simultaneously at locations that were hundreds of miles apart, which tipped off the automated fraud monitoring that most institutions—including EECU—use to try and detect fraud as soon as it occurs.

Although the two examples above involved skimming methods that happened out of sight, some skimming attacks happen right in front of your eyes. Criminals have built custom skimmers that are designed to attach to the front of an ATM, over the regular card reader. This allows them to read the card and store its information as you are inserting it into the machine. They may couple this with a hidden camera meant to capture you entering your PIN so that they then have everything they need to create a fake card and start looting money from your account.

So what can you do to protect yourself?

In addition, to help protect our member’s accounts, EECU places certain daily limits on cards that can vary by type of store, or by the state or country you are in. If you know you’re going to be making a larger-than-normal purchase on your card in the next 24 hours, or if you are going to be traveling, call us in advance and we can help make sure your card will be available to you.

Tim Grove, vice president of systems development, has been with EECU Credit Union’s information technology team since 1999, and is responsible for the programming and development of EECU’s website as well as all online and mobile services. Tim holds an undergrad degree in marketing from Oklahoma Christian University as well as an MBA from the University of Texas at Arlington, and has served marketing and IT teams at companies including Canon, EDS and Halliburton.


Follow @EECUdfw

9 thoughts on “What is debit card skimming?

  1. This just recently happened to my credit/debit card and I am so thankful for EECU and the fraud services who noticed the unusual activity, called and emailed me and placed a hold on the card. I was able to quickly get in to sign the paperwork and have my funds returned to my account within 24 hours. I don’t know how the perpetrators got my number but it was most likely one of these “skimmers” since I still had possession of the card. Thank you EECU!

    • We’re so sorry you had to go through that process, but very glad our fraud-legal department was able to help you!

  2. I recently got info from eecu that my credit worthiness was changing d/t info gotten from equifax. I tried to access my credit on line frm equifax, but could not obtain online d/t unrecognized info on a mortgage I do not have. So, not I have to write in to obtain. Why would one credit rater send info and not all three?

    • Hi Vivian, was this letter related to a credit card account? If so, this was likely part of our required annual scoring for card holders. This information is received from Equifax, which may be why you only received a notice from one bureau. If you have questions about changes to your account, please give us a call at 817-882-0800 and we’ll be happy to answer them. If there is information appearing on your credit history that you do not recognize, the credit reporting bureaus have steps to dispute misinformation, which can be found at http://www.investigate.equifax.com, http://www.experian.com and http://www.transunion.com.

  3. Do the credit card sleeves that we can purchase work to protect cards when they are in your wallet or purse? I have heard that thieves can skim as they pass by us. Is this true?

    • Hi Mary! This vulnerability is generally limited to cards that have chips (called RFID chips) in them that communicate with devices, for instance the ability to wave a card over a scanner to make a payment. EECU’s credit and debit cards don’t have these capabilities, so we have not offered the protective sleeves before; however, many different types of materials may interfere with the signals produced by these chips in order to protect the owner.

  4. Where can YOUR consumers find these “certain daily limits” that “can vary by type of store” etc? There is no way I, an account holder, can be sure that I can access MY OWN MONEY using an EECU debit card – your representatives say use the PIN access but even your information says that can be breeched as well. It’s very frustrating to use a bank that can’t provide concrete rules about how I can use my own bank card. At the LEAST, I should be able to ask inside a branch to look at your current “limits”. Now that we are aware of this “protective” practice, we have to seriously reconsider banking with EECU and that is too bad.

    • Hi Lisa, we understand your frustration. This is an issue being experienced by all financial institutions and is constantly changing based on where fraud is occurring the most, so it’s difficult to keep members aware of updates on an ongoing basis without informing fraudsters of vulnerabilities. Using a PIN for transactions should work in any case, unless there is some other issue with the transaction or account. We hope you’ll stick with us through this influx of fraud, and know that in addition to helping protect our members, these measures prevent the loss of money that allows us to offer better rates on loans and savings accounts.

Comments are closed.