Newest Attack on your Credit Card: ATM Shims
Shimming is the newest con designed to skim your credit card number, PIN and other info when you swipe your card through a reader like an ATM machine. The shim is the latest attack being used by criminals to steal your credit card info at the ATM or other Pin Entry Device. According to Diebold, ” The criminal act of card skimming results in the loss of billions of dollars annually for financial institutions and card holders. Card skimming threatens consumer confidence not only in the ATM channel, but in the financial institutions that own compromised ATMs as well.”
Shimming works by compromising a perfectly legitimate card reader (like an ATM) by inserting a very thin flexible circuit board through the card slot that will stick to the internal contacts that read card data. The shim is inserted using a “carrier card” that holds the shim, inserts it into the card slot and locks it into place on the internal reader contacts. The carrier card is then removed. Once inserted, the shim is not visible from the outside of the machine. The shim then performs a man-in-the-middle attack between an inserted credit card and the circuit board of the ATM machine. See the image below for an example of what a skim looks like inside the ATM.