How does a skimmer work and what does it contain

chushpan

Professional
Messages
696
Reaction score
463
Points
63
A skimmer is a device used by carders to steal data from bank cards. It reads information from the magnetic strip of the card or records the data of the entered PIN codes. Skimming is illegal and is prosecuted by law, as it violates the rights of users and damages financial systems. Let's consider how a skimmer works and what it contains.

1. What is a skimmer?​

A skimmer is a hardware or software device that fraudsters install on ATMs, POS terminals (in-store payment terminals) or other devices that use bank cards. Its main purpose is to read data from the card's magnetic strip or record the PIN code.

2. How does a skimmer work?​

a) Installing a skimmer​

  • Fraudsters install a skimmer on the card reader (the place where the card is inserted) of an ATM or terminal.
  • The device can be surface-mounted (installed on top of the original card reader) or built-in (inside the device).

b) Reading data from the magnetic stripe​

  • When a user inserts a card, the skimmer reads data from the magnetic strip. This data includes:
    • Card number.
    • Cardholder name.
    • Validity period.
    • Other service data (eg Service Code).

c) Recording the PIN code​

  • To complete the attack, the scammers need a PIN code. To do this, they can use:
    • Hidden cameras: Installed near the ATM keypad to record the characters entered.
    • Overlay keyboards: Installed over the original keyboard and record keystrokes.

d) Data extraction​

  • Fraudsters periodically extract data from the skimmer. This can happen physically (removing the device) or remotely (via Bluetooth, Wi-Fi or GSM module).

3. What does the skimmer contain?​

The skimmer consists of several components that work together to steal data:

a) Magnetic reader​

  • The main element of the skimmer, which reads data from the magnetic strip of the card.

b) Data storage module​

  • The device stores the read data. This can be:
    • Built-in memory.
    • MicroSD card.
    • Remote server (via Bluetooth, Wi-Fi or GSM).

c) Camera or overhead keyboard​

  • To record a PIN code, fraudsters use:
    • Miniature cameras mounted above the keyboard.
    • Overhead keyboards that register keystrokes.

d) Wireless module (optional)​

  • Some skimmers are equipped with modules for remote data transmission:
    • Bluetooth.
    • Wi-Fi.
    • GSM (via SIM card).

e) Power supply​

  • Skimmers are usually battery or rechargeable powered.

4. Types of skimmers​

a) Surface mounted skimmers​

  • Installed over the original card reader.
  • Easy to spot upon close inspection.

b) Built-in skimmers​

  • They are installed inside an ATM or terminal.
  • Harder to detect but take longer to install.

c) Encryption skimmers​

  • Capture data from the card chip if the terminal does not support encryption.
  • This type of skimmer is more complex and expensive.

d) Bluetooth/GSM skimmers​

  • They transmit data to fraudsters remotely via wireless technologies.

5. Where are skimmers used?​

a) ATMs​

  • The most common target for installing skimmers.
  • Fraudsters choose ATMs in secluded locations to minimize the risk of detection.

b) POS Terminals​

  • Skimmers can be installed in stores, restaurants or gas stations.
  • Often used by employees working with terminals.

c) Automobile pumps​

  • Carders install skimmers on self-service terminals at gas stations.

6. How to protect yourself from skimmers?​

Here are some tips to help you avoid having your card details fall into the hands of fraudsters:

a) Inspect the device​

  • Check the card reader and keyboard for suspicious elements.
  • Pull on the card reader: if it comes off easily, it may be a skimmer.

b) Use secure ATMs​

  • Choose ATMs inside bank branches or in crowded places.
  • Avoid using devices in secluded or poorly lit areas.

c) Close the keyboard​

  • When entering your PIN, always cover the keypad with your hand to hide the characters you are entering.

d) Use cards with a chip​

  • EMV chips contain encrypted data that is difficult to copy.

e) Check your statements​

  • Check your accounts regularly for suspicious transactions.
  • Report any unauthorized transactions to your bank immediately.

7. Legal consequences​

Using skimmers to steal data is a criminal offense. Most countries have severe penalties under law, including:
  • Imprisonment.
  • Large fines.
  • Confiscation of property.

8. Conclusion​

Skimmers pose a serious threat to the security of bank cards. However, modern technologies such as EMV chips and transaction monitoring systems have made life much more difficult for fraudsters. To protect your data, it is important to be careful when using cards and follow security recommendations.

If you notice a suspicious device or become a victim of fraud, contact your bank and law enforcement immediately. Remember that using skimmers or participating in their creation is a criminal offense and can lead to serious legal consequences.
 
Top