The information provided on this website does not, and is not intended to, act as legal, financial or credit advice. See Lexington Law’s editorial disclosure for more information.
Chip-enabled cards were designed to reduce instances of identity theft and fraud by adding an additional layer of security. That is, until criminals began credit card “shimming.”
Shimming is an updated version of skimming that reads credit card chip information, allowing the card to be duplicated or its information to be sold illegally.
Shimming vs. Skimming
Before chip-enabled cards, skimming was a method of identity theft that would read a card’s magnetic stripe. Shimming is largely the same concept, but instead of reading the stripe, skimmers read the information in the card’s chip.
Both skimming and shimming require the fraudster to attach or insert a mechanism into a card reader in order to gather the information. These can be tricky to spot for unsuspecting consumers, but understanding how they work will help you be more aware the next time you insert your credit or debit card.
How Credit Card Shimming Works
Credit card shimming works by inserting a small device called a “shim” into a card reader. Unlike skimmers—which were typically bulky and easily detectable if you knew what to look for—shims are small and subtle.
Whenever a chip-enabled card is inserted into the reader, the shim collects its data. Then, the scammer collects this data by inserting what looks like a regular card into the reader. This makes it difficult to spot suspicious activity, as it appears the scammer is making a regular transaction.
As the technology currently stands, scammers aren’t able to create an exact duplicate of chip-enabled cards based on the shimming data they collect. They are, however, able to create a version of the card with a magnetic stripe only—which many retailers still accept.
Keep Your Card Secure
While identity theft is not always avoidable, there are some habits you can incorporate to make sure you’re as protected as possible.
- Consider contactless payment. The best way to protect against physical devices that steal your card information is to simply avoid them altogether. Contactless payment—like Apple Pay, Android Pay and Google Pay—make paying simple and streamlined.
- Choose your ATM strategically. Only use ATMs that are in high-traffic areas or banks to reduce the chances of them being compromised.
- Check for tampering. Wiggle the card reader or slot before inserting your card. A traditional skimmer will come off. If your card doesn’t go into the slot smoothly, this could be a sign of a shim inside. Consider choosing a different ATM.
- Be cautious at the pump. If you choose to pay at the pump, choose a pump that is closest to the store and in direct view of an employee. If you’re skeptical, the safest option may be to pay the attendant inside.
3 Action Items for Victims of Shimming
Banks have some fraud detection technology in place that may catch suspicious activity before it becomes problematic, but it doesn’t catch everything. If you suspect you’ve fallen victim to skimming or shimming, you’ll want to act swiftly.
- Contact your credit card issuer right away. They’ll cut off card access and send you a new card if needed.
- Call the business where you think the shimming happened so that they can check their card readers for signs of tampering.
- Alert your local law enforcement and the Federal Trade Commission. They may be able to notice a wider pattern and stop other consumers from becoming victims.
Taking extra safety precautions may seem like a burden at first, but protecting your finances is worth the effort. Remember to pause before you make any transaction to ensure the conditions are safe, even if you’re in a hurry.
Identity theft and fraud can temporarily wreak havoc on your credit score, but the effects don’t have to be permanently devastating. Work with a credit repair firm to help dispute any inaccurate items caused by a scammer to help get your credit back to where it should be.
Reviewed by John Heath, Directing Attorney of Lexington Law Firm. Written by Lexington Law.
Born and raised in Salt Lake City, John Heath earned his BA from the University of Utah and his Juris Doctor from Ohio Northern University. John has been the Directing Attorney of Lexington Law Firm since 2004. The firm focuses primarily on consumer credit report repair, but also practices family law, criminal law, general consumer litigation and collection defense on behalf of consumer debtors. John is admitted to practice law in Utah, Colorado, Washington D. C., Georgia, Texas and New York.
Note: Articles have only been reviewed by the indicated attorney, not written by them. The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, reviewers, contributors, contributing firms, or their respective agents or employers.