Credit cards were invented to make transactions fast and easy. In fact, about 1,700 credit card transactions occur every second in the United States alone!
So for you, swiping a credit card might be a normal thing to do every day. However, at the end of the month, you see things you’ve never even paid for on your credit card statement. In this situation, you might be a victim of a process known as credit card skimming.
What is credit card skimming?
Skimming is the process of using devices called skimmers to read card information, essentially stealing a card’s data. Credit card skimmers are devices that are illegally attached to any sort of transaction device, such as ATMs or the ordinary credit card machines your parents use to swipe their cards at the grocery store. They can even be located on fuel gas pumps, where your family goes to refill their gas tanks!
The point is that skimmers can be located anywhere and can be reading your information at any time, so be careful!
How do skimmers work?
Generally, when a cardholder swipes a magnetic stripe card (the most common card type) through the card reader, the reader decodes the data embedded within your card’s magnetic stripe. The magnetic stripe consists of three horizontal stacked tracks of iron-based particles embedded within the card’s plastic film, each track storing different amounts and types of data.
Tracks 1 and 2 contain the card number and expiration date, which are crucial in processing payments and verifying transactions. Track 3, which is rarely used nowadays, is mostly used to store customized information for purposes like entering restricted areas that require cards for entry.
The major flaw of the magnetic stripe card, however, is that its data is static, meaning it doesn’t change, allowing criminals to copy your data easily. The illegally-installed skimmer is able to mimic the card reader by accessing the card’s data through its magnetic stripe, including the card number, expiration date, and cardholder’s name. This data is then used by criminals to either create duplicate cards or make online transactions.
Hackers use the same tricks on debit cards too. If you use a debit card, you might remember typing in your personal identification number, or PIN. In this case, hackers can use skimmers with keypads that track what PIN you punch in your pin; they may also use tiny cameras to record finger movement and eventually determine the PIN number, opening access to private information stored on the debit card.
The Future of Secure Transactions
Magnetic stripe cards are usually the norm for credit card transactions, but obviously, they can be easily hacked. The main source of fraudulent charges is gaining access to the credit card number or debit card PIN. Due to this security flaw, companies are now embedding small chips into both credit and debit cards, preventing access to the card number or PIN itself.
These tiny, embedded chips are called EMV chips, which use dynamic authentication instead of the static, unchanging data used by magnetic stripe cards. That means that EMV chips are able to generate a unique, one-time code called a cryptogram for each transaction, which then gets verified by a bank to authorize a transaction.
Even if a hacker steals that code, they can’t reuse it because a new code is generated each time. The EMV chip technology essentially makes your card data temporary, so illegally duplicating or copying the card becomes useless.
Additionally, the world is moving into contactless payment forms, such as Apple Pay, which is much safer since it relies on iPhones to make the transaction. Adding a credit card to Apple Pay doesn’t store the actual card number, but instead generates a unique device account number, or token, which is hidden somewhere in the phone’s chip.
This means that a potential hacker will only gain access to the token, but not the actual credit card number. This token can’t be traced back to your actual card information, so even if a hacker intercepted it, they can’t guess your real card number, which adds an extra layer of security.
Conclusion
The next time you make a transaction with a physical magnetic stripe card—at Starbucks, Chipotle, or anywhere else—consider the fact that hackers can gain access to your private data in a split second. Switching to contactless payment or chip cards and double-checking card readers offer full security now, but it’s best to stay cautious because as technology advances, so do the tactics of criminals.