Credit card “shimming”: the new skimming

REVIEWED BY Sarah Raja |

The information provided on this website does not, and is not intended to, act as legal, financial or credit advice. See Lexington Law’s editorial disclosure for more information.

Credit card shimming is an updated version of skimming that reads credit card chip information, allowing the card to be duplicated or its information to be sold illegally.

Chip-enabled cards were designed to prevent instances of identity theft and fraud by adding an additional layer of security. That is, until criminals began credit card “shimming.”

Shimming is an updated version of skimming that reads credit card chip information, allowing the card to be duplicated or its information to be sold illegally.

Shimming vs. skimming

Before chip-enabled cards, skimming was a method of identity theft that would read a card’s magnetic stripe. Shimming is largely the same concept, but instead of reading the stripe, skimmers read the information in the card’s chip.

Both skimming and shimming require the fraudster to attach or insert a mechanism into a card reader in order to gather the information. These can be tricky to spot for unsuspecting consumers, but understanding how they work will help you be more aware the next time you insert your credit or debit card.

How credit card shimming works

Credit card shimming works by inserting a small device called a “shim” into a card reader. Unlike skimmers—which were typically bulky and easily detectable if you knew what to look for—shims are small and subtle.

Whenever a chip-enabled card is inserted into the reader, the shim collects its data. Then, the scammer collects this data by inserting what looks like a regular card into the reader. This makes it difficult to spot suspicious activity, as it appears the scammer is making a regular transaction.

As the technology currently stands, scammers aren’t able to create an exact duplicate of chip-enabled cards based on the shimming data they collect. They are, however, able to create a version of the card with a magnetic stripe only—which many retailers still accept.

How to spot a credit card shimmer

It can be quite difficult to spot a credit card shimmer or skimmer, but there are key questions to help you determine your risk at any transaction:

  • Does the card slot look misaligned?
  • Does it take more effort to insert your card?
  • Does the credit card reader move around when you touch it?
  • Does it look like anything is blocking the credit card slot? Has something already been inserted?
  • Are the buttons on the card reader hard to push?
  • Does anything about the reader look unusual (colors, font, etc.)?
  • Is there security tape on the card reader? Is it broken or tampered with?

If you’re doubtful about whether an ATM has been affected, it’s best to try another ATM or go to a bank teller if possible. If you’re unsure about a transaction, consider paying in cash or using a contactless payment method, such as your mobile device’s virtual credit card wallet.

How to keep your card secure

While identity theft is not always avoidable, there are some habits you can incorporate to make sure you’re as protected as possible.

  • Consider contactless payment. The best way to protect against skimmers that steal your card information is to simply avoid them altogether. Contactless payment—like Apple Pay, Android Pay and Google Pay—make paying simple and streamlined.
  • Choose your ATM strategically. Only use ATMs that are in high-traffic areas or banks to reduce the chances of them being compromised.
  • Check for tampering. Wiggle the card reader or slot before inserting your card. A traditional skimmer will come off. If your card doesn’t go into the slot smoothly, this could be a sign of a shim inside. Consider choosing a different ATM.
  • Be cautious at the pump. If you choose to pay at the pump, choose a pump that is closest to the store and in direct view of an employee. If you’re skeptical, the safest option may be to pay the attendant inside.

3 action items for victims of shimming

Banks have some fraud detection technology in place that may catch suspicious activity before it becomes problematic, but it doesn’t catch everything. Luckily, the Fair Credit Billing Act says you’re not responsible for any unauthorized charges once you report your card as stolen. So, if you suspect you’ve fallen victim to skimming or shimming, you’ll want to act swiftly.

  1. Contact your credit card issuer right away. They’ll cut off card access and send you a new card if needed.
  2. Call the business where you think the shimming happened so that they can check their card readers for signs of tampering.
  3. Alert your local law enforcement and the Federal Trade Commission. They may be able to notice a wider pattern and stop other consumers from becoming victims.

FAQ

How does credit card shimming work?

Shimmers are devices that scan the chip in credit cards to replicate and store financial data. Someone can use this to create a knockoff of your card and sell your financial information.

What’s the difference between skimming and shimming cards?

Credit card skimming and shimming are both activities that lift the financial information from your credit card, but they target different places where the information is stored. Credit card skimmers target the magnetic strip on traditional credit cards, while shimmers target the chip you’ll find in newer credit cards.

Can chip cards be shimmed?

Chip cards can be shimmed because shimmers target chips specifically. As of the writing of this article, contactless payments are the most secure way to use your cards.

What do card skimmers look like?

Card skimmers and shimmers are made to look exactly like the regular ATM or card reader. Look for signs of poor craftsmanship or misalignment in the credit card slot because this means it may have been tampered with.

Taking extra safety precautions may seem like a burden at first, but protecting your finances is worth the effort. Remember to pause before you make any transaction to ensure the conditions are safe, even if you’re in a hurry.

Identity theft and fraud can temporarily wreak havoc on your credit, but the effects don’t have to be permanently devastating. Work with a credit repair firm to help challenge any inaccurate items caused by a scammer to help you work to get your credit back to where it should be.

Note: Articles have only been reviewed by the indicated attorney, not written by them. The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, reviewers, contributors, contributing firms, or their respective agents or employers.

Reviewed By

Sarah Raja

Associate Attorney

Sarah Raja was born and raised in Phoenix, Arizona. In 2010 she earned a bachelor’s degree in Psychology from Arizona State University. Sarah then clerked at personal injury firm while she studied for the Law School Admissions Test. In 2016, Sarah graduated from Arizona Summit Law School with a Juris Doctor degree. While in law school Sarah had a passion for mediation and participated in the school’s mediation clinic and mediated cases for the Phoenix Justice Courts. Prior to joining Lexington Law Firm, Sarah practiced in the areas of real property law, HOA law, family law, and disability law in the State of Arizona. In 2020, Sarah opened her own mediation firm with her business partner, where they specialize in assisting couples through divorce in a communicative and civilized manner. In her spare time, Sarah enjoys spending time with family and friends, practicing yoga, and traveling.
Previous Article
Next Article