CINCINNATI (FOX19) - The Better Business Bureau is warning credit and debit card users of a sophisticated new scam known as "shimming."
Shimmers are smaller versions of skimming devices that collect information from cards used at ATM terminals or gas pumps. But unlike skimmers, shimmers are virtually undetectable.
Credit card skimmers are often bulky and wobbly, making them easier to spot. A shimmer, named for its paper-thin size, fits inside a card reader and can be quickly installed by a criminal who is pretending to make a purchase or withdrawal, the BBB reports.
Once installed, the shimmer's microchip can steal and store personal information, including debit card PINs.
The BBB says thieves can collect the shimmer data by inserting a special card that downloads the information. After that, the data is used to create a magnetic stripe version of the card that can be used in payment terminals that haven't been updated with EMV chip technology.
"So, its account information, its pin numbers, it's the encrypted information that's already taken place. They'll take that information, and then create dummy cards from that data that was harvested from that machine," BBB Spokesperson Sandra Guile said.
BBB suggests keeping a close eye on your credit card statements and debit accounts and immediately report any suspicious activity.
Shimmers can cause inserted cards to become stuck. If something seems peculiar during a transaction or bank withdrawal, alert the store or bank.
How to protect yourself from shimmers, according to the BBB:
- Use the contactless tap-and-go feature on your credit or debit card instead of swiping or inserting your card.
- Use contactless mobile services such as Apple Pay or Samsung Pay to tap and pay.
- If you’re withdrawing cash at a bank, go inside to a teller.
- Use ATMs in banks rather than a more vulnerable standalone machine.
- Cover the keypad with your hand when entering your PIN.
- Don’t proceed with a transaction if your card encounters resistance when it is inserted.
- Contact the bank, merchant and your card issuer is you suspect your card has been compromised.