At first glance, a plastic card seems reliable. There is a PIN code, SMS notifications, and the bank is always at hand. But reality shows otherwise — deductions occur every day, owners lose funds, and fraudsters get what they want. Most attacks occur without hacking and viruses. The main activity of scammers occurs at the moment when the user is using the card themselves.
The theft usually happens unnoticed. Card skimming and shimming fraud exploit the basic human trust in technology. While the victim is confident they are simply withdrawing cash or paying for a service, the criminal is already copying their card or recording the PIN.
Shimming inside terminals and ATMs
This scheme involves internal tampering with the device itself. The client inserts a chip card to deposit or withdraw cash. But inside there is a thin board, which is not visible from the outside. It intercepts some of the information during the transfer between the card and the device.
This is called shimming fraud. The scammer cannot steal the chip itself but can obtain enough data to conduct financial transactions on behalf of the owner. This attack is especially effective if outdated software is used in the terminal.
The danger is that the terminal looks completely normal. It doesn't slow down, doesn't produce errors, and the card is returned without issues. This is why many users do not suspect that a leak has occurred. The bank may also not detect the threat immediately.
Skimming: a three-step attack
The scheme looks simple enough. The victim approaches the ATM, inserts the card, enters the PIN, and leaves. The transaction is successful, money is received. But a day or a week later, funds disappear from the card, even though it was not lost or handed to others. The reason — data copying.
In card skimming, scammers first install an overlay on the ATM that reads data from the magnetic stripe. Sometimes a small camera is placed nearby to record which numbers are entered. The second stage — using the obtained information to create a copy of the card. And finally, the theft of funds begins. Old ATMs, where the magnetic stripe reading function is not disabled, are especially dangerous.
Main user mistakes
Fraudsters use what helps them best — the victim's carelessness. In most cases, the attack becomes successful not because the technology is too complex, but because the user made a number of mistakes. The most common mistakes are:
- trusting any terminal, regardless of its appearance and location;
- inattention when entering the PIN code — especially when the keyboard is at a strange angle and visually differs from the usual one;
- disabled bank notifications about deductions;
- using one card for all types of transactions: from purchases to cash withdrawals;
- refusal of limits on financial transactions.
If the user does not monitor transactions, does not notice where and how they use the card, the security of funds is minimized. Even bank support is not always able to help. Especially if proving the fact of external interference is impossible.
The importance of the PIN code and security measures
In most cases, the target is not the card, but the code. To access the money, data from the magnetic stripe or chip is not enough — the PIN code is needed. And for this, cameras, overlays, and fake keyboards are used. To know how to protect the PIN code it is enough to remember a number of basic rules.
An obvious but important recommendation is to use only a trusted device. In addition, it is recommended to use terminals in large shopping centers or stores where video surveillance is conducted by a security system. In such places, criminals rarely manage to carry out these schemes due to constant monitoring and a large number of people around. In the case of ATMs — it is best to use those located on the bank's premises.
It is not superfluous to change the PIN code at least once every few months. This is especially important after trips to other countries or when receiving suspicious bank notifications. If the PIN remains protected, even if other data is stolen, the chances that fraudsters will get the money are reduced.
To provide additional protection for bank cards, it is necessary to understand at what stage a leak is possible and how to act at this moment. For reliable protection, the sequence of actions that develop into a habit is important.
Before inserting a card into a terminal or ATM, it is important to visually inspect the device. That means paying attention to protruding elements, unnatural details, and wobbly parts. During use, it is advisable to always cover the keyboard with your hand, even if it seems that no one is nearby. And immediately after finishing with the device, it is necessary to monitor notifications, check the balance, and at the slightest suspicion of fraudulent activity — block the card through the app or contact the bank directly.