Have you ever wondered how customers could slide their cards through and enter their PINs on a compromised payment terminal without even noticing? While some skimming schemes involve Bluetooth transmitters and require disassembling the device, installing a skimmer can be as simple as snapping an identical part over an existing card reader.
That’s what independent security reporter Brian Krebs saw recently: a skimmer pulled from a payment terminal at a Safeway store. You’ve probably used dozens of Verifone brand terminals just like it in your shopping life. The skimmer is very simple: it looks exactly like the parts of the device that it snaps over, only it captures users’ card numbers and PINs almost invisibly.
Payments still go through fine, and a retailer would only notice that something was amiss while checking their equipment, if a customer complained, or if the scammer were caught in the act while placing or removing the skimmer.
How can you protect yourself from invisible skimmers? The simplest way may be to use the chip reader instead of the magnetic stripe reader, as long as your bank has issued chip cards and the retailer has activated EMV payments. When that isn’t an option, try simply pulling on the device: a temporary cover will snap off.
Safeway Self-Checkout Skimmer Close Up [Krebs on Security]