The technology expert and tech communicator Paula Santaolaya has wanted to warn about the dangers we may face when paying with credit or debit cards at establishments. To do this, she refers to a personal experience in which she witnessed a supermarket having a skimmer on one of its card readers. Have you ever heard of this term? It is a fraudulent device whose function is card cloning, apparently identical to the card reader of a point-of-sale terminal or an ATM. Through it, one can obtain the PIN and card number, as well as personal information, all of which can be used to fall victim to financial fraud by cybercriminals.
The Bank of Spain offers a series of tips to avoid becoming a victim of these devices, including rejecting help from strangers and making sure there is nothing unusual on ATMs. In addition, INCIBE also warns about the e-skimming or web skimming technique, through which cybercriminals can obtain our banking data via purchases on online platforms. However, in response to the rise of this type of fraud, the financial sector has taken action. One of the tools implemented to prevent the theft of personal data includes EMV chip cards, as well as the tokenization of the actual card data.
Risks of paying with a card
Nowadays, very few people carry cash in their wallets, as we have become accustomed to the convenience and practicality of paying by card. However, there are also more and more methods being developed by cybercriminals to obtain our personal and banking information, so we must stay alert. Technology and science communication expert Paula Santaolaya has warned about this by referring to a personal experience. She recounts that while in line at a supermarket, she witnessed a customer almost falling victim to card cloning: “I was in line, waiting to pay, when the guy looked at the card reader and said to the cashier, ‘Hey, this seems off.’ Indeed, the reader cover was partially loose”.
What is a skimmer?
This financial fraud attempt witnessed by Santaolaya was carried out through the presence of a skimmer on the store’s card reader, but what is a skimmer? It is a device virtually identical to the card reader of a POS terminal or ATM, whose function is to steal the card information, including the number and the PIN. With this information, cybercriminals can clone the card and access the bank account without any problem. “They can not only place these skimmers on supermarket card readers, but also on ATMs or any terminal,” explains Santaolaya.
Recommendations from the Bank of Spain
It is important to pay attention to certain aspects to avoid becoming a victim of this type of fraud. The Bank of Spain provides the following recommendations:
- Make sure no one is close by and avoid being observed (some ATMs have convex mirrors to see what is happening behind you).
- Refuse help from strangers or advice while using the ATM.
- Pull on the slot firmly to check for any unusual devices, tap the keypad lightly to see if it is loose, and look at the sides for any cameras.
- Cover the keypad with your hand when entering your PIN, not only at the ATM, but also whenever making any payment.If the card is not ejected from the ATM, never leave the place. First, notify the bank and the police. Activate SMS alert services, which notify you if a transaction exceeding a certain amount occurs.
- It is important that if you realize you have been a victim of a skimmer, you immediately block your card, report what happened, and request a new card.
Prevention methods
In response to this wave of new fraudulent technologies, the financial sector has implemented methods to protect users’ security. One of these alternatives is EMV chip cards. These cards generate a unique code for each transaction, making them useless to thieves. Another measure is tokenization, which involves replacing the real card data with tokens that conceal all the information.
Other fraud methods
According to INCIBE, there is another online fraud method called w-skimming or web skimming. This method involves cybercriminals accessing an online store, modifying part of its source code, and when the customer enters their personal or banking information, it is not only sent to the bank but also stolen.
