What is credit card skimming and how to prevent it in your business

Saturday, January 03, 2015

Credit card theft does not always involve someone using stolen card numbers to make purchases online, or taking a lost card on a shopping spree at the mall, as many people may imagine. Nowadays, there are many ways for credit card theft and fraud to occur that are sneakier, and the cardholder won’t realize it has happened until it’s too late.

Credit card skimming is a serious (and frighteningly common) way that credit card data is stolen. Here, we’ll tell you what skimming is, how and where it occurs, and what you can do to keep your small business safe, so you don’t end up with a liability.

What is credit card skimming?

It is crucial for business owners to be aware of the process of credit card skimming so that they can be on the lookout for any potential fraudulent activity on their premises.

Credit card skimming is a method of stealing credit card information while they are used at the point of sale (POS). This includes ATM machines, card readers at gas pumps, and other places where a card can be inserted for chip or magnetic strip reading. The process involves hardware that is installed on the actual card reader that is able to read the chip while the POS reads and processes it, and then this information is delivered to its recipient.

How does it work?

Here is the most common way that skimming takes place:

1. A separate device or equipment is installed onto a card reader.

This equipment includes a card slot and additional reader which is able to pick up the card data while the POS reads the card. There may also be additional equipment involved to pick up PIN information from cameras located above the PIN pad (also referred to as PIN-entry devices, or PEDs), or an overlay, which is like a PIN pad model placed over the real pad to capture digits as they are entered.

2. The data is transmitted to the recipient, who may be nearby.

Recent technology allows this data to be transmitted electronically, meaning that the culprit can be nearby, obtaining the information as it is read from the skimming device.

3. Data can be used to withdraw funds from an ATM or used to make purchases right away.

What makes skimming a significant threat to security is the ease and regularity in which it happens. And this is not limited to remote gas pumps or ATMs.

Where can it happen

Skimming can occur at:

  • Gas pumps
  • Countertop credit card readers
  • ATMs
  • Employees using alternate readers

How can businesses prevent credit card skimming

As a business owner, you risk losing money and merchandise through fraudulent transactions. When these transactions occur, the credit card company will refund the cardholder for the amount that was taken from them, meaning that money will be pulled from your merchant account and refunded, but you’ll be out that merchandise as well.

If this refund occurs by means of a chargeback, your business could suffer not only the cost and merchandise, but also up to a whopping 300% in fees.

Here are some ways that you can work to prevent credit card skimming:

Inspect hardware (pumps, countertop credit card readers and POS)

The first way to be proactive against fraudsters is to carefully inspect your hardware and monitor for suspicious behavior. If a card reader appears wobbly or looks unusual, these are the first ways to catch potential skimming activity. Always be aware of the machinery your business uses to process credit card transactions and be on the lookout for suspicious activity at these readers.

Ensure employees are only using authorized POS hardware

Some fraudulent activity may occur on unauthorized POS hardware, or that hardware may be tampered with if left unattended. It is crucial to treat the POS as cash; keep it locked up when out of use, and always carefully monitored to prevent tampering.

Keep an eye out for the following warning signs:

  • Any scratching, peeling, or denting on the hardware, especially near the terminal
  • Serial numbers, manufacturing names and numbers, security seals that are incorrect or tampered with
  • PEDs in the wrong location
  • Incorrect number of connections to the POS terminal, differently colored cables, severed cables

Accept EMV/chip card

One of the best ways to prevent credit card fraud and protect your customers from hackers is to use a chip reader (also called EMV) at your POS. Now, many businesses are required to use EMV readers, but not all industries are, so it’s important to be aware of the risk that can be cut by using them.

The EMV is read either by chip or by tap at the POS. The way these chips are developed, with significant data encryption, makes card and cardholder data much more difficult to steal than a magstripe. The use of EMV chip cards and EMV readers have proven to aid in the decline of in-person credit card fraud, and continue to be one of the most significant ways to keep data secure.

Report suspected credit card fraud quickly

Most importantly, be prepared to report credit card fraud or suspicious activity as soon as you notice it. This is the best way to stay on top of skimming and other credit card theft, protect your consumers and your business.

Credit card theft is no joke, especially as a small business owner who inevitably suffers the worst by losing merchandise and revenue as a result. There is also the threat of getting stuck in a lawsuit for not ensuring that your payment systems are secure, and out of the hands of hackers and fraudsters. We hope that this article helps you understand credit card skimming and the risks that come with it, but also empowers you with the knowledge and tools necessary to prevent skimming at your business.


Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind. Learn more at heartland.us.