What is debit card skimming?
My friend did not use her debit card very often. But one day her financial institution’s fraud department alerted her that that her card was being used to simultaneously charge $1000 at a truck stop in El Paso AND charge hundreds of dollars at various home furnishing stores in Rockwall. My friend was in neither place while those debits were occurring. Fortunately, after filling out and signing some forms, she was able to get her money back. But what happened? And how do you prevent it?
In her case, there were a couple of possibilities. She had recently used the card to buy lunch at a restaurant in the area. As is typical in these types of establishments, her card was out of her sight for a few minutes while the debit transaction was being processed. The server could’ve used an easily concealable handheld device to “skim” the card and store the information for later use. Skimmers are easily available online and can be used in situations like this to steal card information.
Another possibility is that she used her card to “pay at the pump” for gas. Although we take for granted that these self-serve payment devices will always be safe and secure, that is not always the case. In 2012, a California man was sentenced to 20 years here in Fort Worth for his part in a massive card skimming scheme that focused on gas stations. In this situation the pump itself was tampered with and the skimmer placed inside. They collected card information and stored them until the device could be retrieved by the criminals.
At that point, the numbers are either used by the criminals themselves to make cards and purchase goods that can be sold, or—more likely—sold in online exchanges that traffic stolen card numbers. Debit fraud has become big business in the criminal world. The Federal Reserve Bank estimated that debit card losses in the U.S. reached $1.38 billion in 2011, with signature-required transactions accounting for the vast majority of the losses. In my friend’s case, the criminals tipped their hand by allowing the number to be used simultaneously at locations that were hundreds of miles apart, which tipped off the automated fraud monitoring that most institutions—including EECU—use to try and detect fraud as soon as it occurs.
Although the two examples above involved skimming methods that happened out of sight, some skimming attacks happen right in front of your eyes. Criminals have built custom skimmers that are designed to attach to the front of an ATM, over the regular card reader. This allows them to read the card and store its information as you are inserting it into the machine. They may couple this with a hidden camera meant to capture you entering your PIN so that they then have everything they need to create a fake card and start looting money from your account.
So what can you do to protect yourself?
In addition, to help protect our member’s accounts, EECU places certain daily limits on cards that can vary by type of store, or by the state or country you are in. If you know you’re going to be making a larger-than-normal purchase on your card in the next 24 hours, or if you are going to be traveling, call us in advance and we can help make sure your card will be available to you.
|Tim Grove, vice president of systems development, has been with EECU Credit Union’s information technology team since 1999, and is responsible for the programming and development of EECU’s website as well as all online and mobile services. Tim holds an undergrad degree in marketing from Oklahoma Christian University as well as an MBA from the University of Texas at Arlington, and has served marketing and IT teams at companies including Canon, EDS and Halliburton.