'Shimming' - The ongoing threat

    What is 'Shimming'?

      To give you a quick answer, it is an evolved skimming technique that uses augmented Point Of Sale machines and terminals to capture and store your credit card data, that data is then accessed remotely (normally via Bluetooth) by the skimmer and downloaded onto their device.

      What makes this a threat is that even with your powerful Skim Guard technology, you still have to separate the card from the protective field in order to pay for your goods, otherwise if you didn't, your card wouldn't work, and that is where 'Shimming' is getting people.

      Augmented POS terminals used for 'Shimming' make use of the POS ability to process card transactions and its power source. From the exterior they are identical to the real machines however on the inside you will find an additional circuit board with an SD card attachment for capturing data and a Bluetooth transmitter for sending that data. Now you have all the ingredients needed for skimmers to nab your cards details.

      It used to be that this kind of skimming setup was risky for the skimmer since they had to return to the device to physically disassemble it to get access to the SD cards captured data - greatly increasing the risk they will get caught, increasing the risk continued tampering with the device will leave visible signs - and thus be spotted. These limitations somewhat reduced the frequency at which skimmers can acquire your details.

      This all changed with Bluetooth technology getting better, with the addition of small and powerful Bluetooth transmitters into the mix, skimmers don't need to get close, let alone interface with the device in order to get access to the captured data, this can all be done at a distance via a Bluetooth compatible device, such as a smartphone.

      Similar skimming setups have been found at gas stations an ATM's and there seems to be increasing reports in the news of these kind of setups being discovered. Thankfully there are apps you can get these days that detect Bluetooth skimming device signals and warm you of such possible threats.

      The best defense here is vigilance. As a merchant only use the POS the bank provides, if anyone comes around claiming they have an updated POS device for your business, or need to check your machine to make sure the latest features are operational check their credentials with your bank and make sure they did actually send a representative out for the intended task. It is a safe assumption that if your bank knows nothing of the service you are likely dealing with a skimmer looking to augment your POS machine or replace it with an already augmented one.

      As a customer, shop at your trusted stores, keep an eye out for any shabby looking POS machines that look like they aren't aligning quiet right and as always take care of yourself out there in the big wide world of technology.

      ← Previous post
      Next post →