Protect Yourself From Skimming and Phishing

Skimming occurs when devices illegally installed on or inside ATMs, point-of-sale (POS) terminals, or fuel pumps capture card data and record cardholders’ PIN entries. Criminals use the data to create fake payment cards and then make unauthorized purchases or steal from victims’ accounts. It is estimated that skimming costs financial institutions and consumers more than $1 billion each year.

Fuel Pump Skimming

Fuel pump skimmers are usually attached to the internal wiring of the machine and aren’t visible to the customer. The skimming devices store data to be downloaded or wirelessly transferred later.

Tips When Using a Fuel Pump:

• Choose a fuel pump that is closer to the store and in direct view of the attendant.
• Run your debit card as a credit card or cover the keypad when you enter your PIN.
• Examine the keypad before use for any inconsistencies in coloring, material, or shape. These inconsistencies might suggest that a foreign device is present.
• Consider paying inside with the attendant, not outside at the pump.
• Tap the card instead of swiping or inserting it when paying at the pump (if the card and terminal allow for it).

ATM and POS Terminal Skimming

In these scams, ATM skimmer devices are inserted in the card reader or otherwise installed within the terminal. However, some skimmer devices may fit over the terminal’s card reader or be situated along exposed cables at freestanding ATMs (such as those found at convenience stores).

Pinhole cameras installed on or around ATMs record a customer’s PIN entry. In some cases, keylogging keypad overlays are used instead of pinhole cameras to record PINs. These overlays record a customer’s keystrokes.

POS skimming devices are generally designed as overlays to the POS terminal and have wireless transmission capabilities. It only takes seconds to install a skimming device. Fraudsters may seek to distract store clerks – such as by requesting items from behind the counter – to accomplish this. Skimming devices store data to be downloaded or wirelessly transferred later.

Phishing Scams

Law enforcement has also seen a significant uptick in targeted phishing, smishing, and vishing scams to compromise card data.

• Phishing involves emails designed to get victims’ personally identifiable information or financial credentials. Scammers typically pose as a creditor, bank, or state benefits agency.
• Smishing uses SMS text messages instead of email.
• Vishing uses phone calls, generally with an automated voice.

These calls or messages will seek to trick cardholders into entering their card details without thinking. Scammers achieve this by creating a sense of distress. They often do this by referencing the closing of the account or a loss of funds.

Protect Yourself

• Inspect card readers for anything loose, crooked, damaged, or scratched. If possible, use ATMs in a well-lit, indoor location.
• Be especially alert for skimming devices in tourist areas, since these are popular targets.
• Routinely monitor your accounts to promptly identify any unauthorized transactions. If possible, set email or text-message alerts to notify you of card or account transactions.
• Contact your financial institution immediately if the ATM doesn’t return your card after you end or cancel a transaction. This may suggest the presence of a foreign device in the card reader.
• If you suspect your card was compromised in this type of scam, immediately contact your card issuer and promptly change your PIN.

Keep up to date on the latest fraud news by visiting bfcu.org.

Need to report card fraud? 
Call 800-647-2328, option 6, or text 318-549-8145. Open Monday – Friday, 8:30 am – 5 pm.
After-hours debit card fraud, call 866-274-2761.
After-hours credit card fraud, call 800-543-5073.

Read the full article at: fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/skimming