Skimming attack definition
A skimming attack is when cybercriminals gain unauthorized access to cardholders’ financial information through an EFTPOS terminal or an ATM. Fraudsters may use various methods to steal card information, the most advanced being a small skimming device configured to read a payment card’s magnetic strip information (or a microchip).
Types of skimming attacks
- Hand-held point-of-sale skimming: An insider (a store clerk or a waiter) uses a skimming device to copy payment card details. Once the cardholder swipes their credit card in a skimming device, their information is captured and stored in a magnetic stripe and is available for download later.
- POS swaps: Fraudsters replace a secure POS device with one with compromised protection features. The devices copy and collect card details from all customer transactions. Cybercriminals return to replace the skimming devices and steal the copied payment information.
- Self-service skimming: These attacks use self-service terminals (like ATMs or gasoline pumps). Fraudsters pose as technicians to access service terminals and install a skimming device. The attackers connect the devices directly to the service terminals’ keypads and card readers. Once the user swipes them, they can copy card PINs and other information.
- Dummy ATMs: They resemble actual entry-level and smaller ATMs but don’t dispense any cash. Cybercriminals usually set up these ATMs in high-traffic areas to collect card PIN details and data once the user inserts their card.