About Us | Contact Us
View Cart

Avoiding ‘Card Skimming’ at ATMs

By Vigilize | Wednesday, June 15, 2011 - Leave a Comment

High-Tech Credit Card Thieves

Be wary when you use automated teller machines (ATMs) and other payment processing machines. Thieves may be using high-tech tools in scams to capture your account information to steal your money.

These scams, known as “card skimming,” involve attaching devices to money machines that read the information on your debit and credit cards when you swipe them. When combined with a nearby concealed camera to record your personal identification number (PIN), the thieves can get everything they need to drain your account or to make unauthorized purchases. In addition to using the information directly, thieves may sell your information to others.

ATMs and automated payment machines in airports, convenience stores, hotel lobbies, and other well-traveled, public places may be most vulnerable to thieves who may think these machines are not regularly inspected by the machine owners. However, card skimming may take place at any ATM or card processing machine, including those on bank premises. As technology makes these devices smaller and more powerful, the risk of card skimming grows.

How High-Tech Thieves Operate
Thieves have many ways to steal your account information. They may attach a card skimmer that looks and acts like a genuine part of the ATM or other type of money machine. The device may be a simple, curved plastic sheath over the card slot. The skimmer reads the magnetic strip or computer chip on your card and transmits your account information to the thieves or saves the information until the skimmer is retrieved.

Thieves may also use a wireless camera concealed nearby in a box holding brochures or in a light fixture. The camera photographs or videotapes your fingers as they enter your PIN on a keypad or screen. Like a card skimmer, the camera can transmit images instantly or save them until the thieves retrieve the camera later. A camera and card skimmer can be used together.

Safeguarding Your Personal Bank Account Information
To help protect you, banks and retailers take measures to minimize the risk of fraudulent use of your debit or credit card, particularly when those purchases are made by telephone or online.

Before approving telephone purchases, retailers typically confirm your identity by asking for personal information. They may ask for your address, the last four digits of your social security number, or answers to security questions you created when you set up your account. Retailers also may ask for the three-digit security code printed on the front or back of your debit or credit card. To protect your online transaction from electronic fraud, many commercial Web sites require you to unscramble a word or a number displayed as a fuzzy or distorted image that is difficult for software to read.

Protecting Yourself With Common Sense Security Measures
Ultimately, you must protect yourself against thieves and the tools they use to access your accounts to steal from you. To protect yourself, follow these common-sense precautions.

  • Walk away from an ATM if you notice someone watching you or if you sense something wrong with the machine; immediately report your suspicions to the company operating the machine or a nearby law enforcement officer.
  • Before using an ATM, examine nearby objects that might conceal a camera; check the card slot for a plastic sheath before inserting your card.
  • Never keep a written copy of your PIN in your wallet or purse as it could be stolen; instead memorize your PIN and keep a paper record hidden at home.
  • When entering your PIN, stand close to the machine and hold your hand over the keypad or screen to make it more difficult for a person or camera to watch you.
  • Beware of strangers offering to help you with an ATM that appears disabled and notify someone responsible for the security of the machine.
  • Regularly review your account statements, either online or on paper, and check for unauthorized withdrawals and purchases. If you find one, immediately contact your bank or credit card provider, as this will limit your financial liability for fraudulent charges.

Federal laws limit your liability from debit and credit card fraud. Two federal laws, in particular, protect you.

The Truth in Lending Act generally limits your liability to $50 for any unauthorized use of your credit card. However, you are not responsible for unauthorized charges on your account—if you report a lost or stolen credit card before the card is used. Also, you are not responsible if the fraud results from someone using your credit card number alone rather than your credit card.

The Electronic Fund Transfer Act also limits your liability for unauthorized use of your debit or ATM cards—if you quickly report the lost or stolen card. You are not held responsible for unauthorized charges if you report the fraud before unauthorized transactions are made. If unauthorized transactions occur before you report your card missing or compromised, your liability depends on how quickly you report the loss.

Additional Information
The Federal Trade Commission provides more information on what to do if your card is lost or stolen in its fact sheet “Credit, ATM and Debit Cards: What to Do if They’re Lost or Stolen,” at www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm.

The Office of the Comptroller of the Currency has answers about what to do about unauthorized charges and other banking issues at HelpWithMyBank.gov.


Posted by the Comptroller of the Currency: OCC News Release


same_strip_012513

Latest News
    As the investigation of the SolarWinds Hack was ongoing, another hack stole some of the limelight… This is the final update on the SolarWinds hack unless a major development comes to light. You can see the previous article here: “Autopsy of the SolarWinds Hack Update“. One of the largest cyber-espionage campaigns in the history of […]
    Employees working from home may find it more difficult to follow security policies… An article review. The surge in employees working from home during the pandemic created many headaches for IT departments around the world, many of whom had no telecommuting policies or procedures before the start… but what about the employees who had to […]
    A Webinar-Movie infotex presents the 2021 update of a previously released webinar presented by our Lead Non-Technical Auditor, Adam Reynolds. This movie-short is intended for those who are planning to participate in an infotex Incident Response Test. Not sure about the importance of an Incident Response Test? Check out onetest.infotex.com for more information! Please let […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS INFOTEX PROMOTES BRYAN BONNELL TO DIGITAL MEDIA MANAGER infotex, the Managed Security Service Provider, announced Bryan Bonnell’s promotion from Senior Data Security Analyst to Digital Media Manager.  “He will continue his normal DSA duties on a limited basis, because we want everybody to stay in touch with […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS RYAN HENSLER OF INFOTEX, EARNS CISSP CERTIFICATE Ryan Hensler, Senior NOC Associate of infotex, Inc., recently received the CISSP certification. “Ryan has proven himself to be a seasoned security professional both in his work for infotex and now through achieving this certification.” said Sean Waugh, Information Security Officer. […]
    Dubious app store subscriptions bring in hundreds of millions of dollars in revenue… An article review. When it comes to malicious applications you’re probably familiar with things like malware and ransomware, and you have ways to avoid them.  Modern desktop and smartphone operating systems have built-in malware detection tools, and some web browsers even automatically […]
    Another Manifesto A supply-chain manifesto by the author of Never Say Never: A Password Manifesto! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . [Sssshh.  Turn out the lights.  Let’s lower our inner voices, as I have something to propose that might be a bit […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office.  
    While malware and security exploits continue to make headlines, the majority of reported security incidents involve phishing… An article review. With all the attention given recently to security incidents involving software exploits and high-profile malware attacks, it would be easy to believe that they represented the most likely incidents you may encounter in the wild.  […]
    Implementing Protective DNS could help your organization avoid attack… An article review. Noting the risks still associated with the Domain Name System (DNS), the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released new guidance on the selection and use of a Protective DNS service (PDNS). The guidance, released in […]