PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Shimmers and Skimmers: Fraudsters Find Opportunity in EMV Chip Cards

Brian Riley by Brian Riley
July 2, 2018
in Analysts Coverage
0
fleet card

fleet card

30
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

Just after the U.S. Market re-carded almost a billion payment cards, dark, new technologies attempt to reduce fraud effectiveness.  Chips were designed by French banks in the mid-1980’s to counteract counterfeit fraud.  In some instances,  the magnetic stripe on pre-paid cards could recode information garnered by a card-skimmer.  The Skimmer would capture mag-stripe data, and the fraudster would merely recode the magnetic stripe data onto the card.

Visa and Master card report significant reductions in counterfeit fraud since EMV chips rolled out in the U.S. market, but the benefit may be short-lived as this article states.   Moreover, the new buzz-word that identifies the criminal act evolves from “skimming” to “shimming.”  Instead of copying the magnetic stripe data, shimming attacks the EMV chip.

  • EMV chip cards addressed the vulnerability of magnetic strip credit cards, namely credit card skimming. In this scam, a device is physically attached to a gas pump, ATM, or point of sale machine to capture your account information without your consent.

  • Once this information is obtained, a counterfeit card can be created to make purchases or withdraw cash from your account.

  • However, consumers who upgraded to chip cards may have prematurely breathed a sigh of relief, because thieves have found a new way to exploit chip-enabled cards through credit card shimming instead of skimming.

The potential risk here is not the chip itself but rather on the issuing bank’s execution of setting up the card security.  Banks must trigger encoding functions on the card to be adequately secured.

  • An important distinction is that skimming devices read information from the magnetic strip on the back of the card, while shimmers contain microchips specifically designed to capture data contained in the EMV chip as soon as you insert your card into an ATM or point of sale machine.

  • Credit card skimmers are often bulky and wobbly, but shimmers are paper-thin. While you might be able to identify a credit card skimmer since it sits on top of the original card reader, the unfortunate truth is that you cannot see a shimmer with your naked eye.

  • It is installed in the card reader itself, often by a crook pretending to make a transaction.

  • While this might sound like the EMV cards have failed, there is more to the story. Chip cards still contain an additional level of security that magnetic strip cards lack, but if a bank fails to perform a critical verification step, then you might have a problem.

There are a few takeaways.  Fraudsters are just as innovative than banks.  They look for holes and exploit weaknesses. These criminals are just as creative as bank programmers and waste no time in their attacks.  Banks, payment networks, and vendors are persistently developing new techniques, such as tokenization, and you can be sure fraudsters are not far behind.  Predictive tools like FICO Falcon and ACI’s Proactive Risk Manager remain key tools to manage the function and prosecute the infiltrators.

Overview by Brian Riley, Director, Credit Advisory Service at Mercator Advisory Group

Tags: ACI WorldwideEMVemv cardsFICOfraud
30
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    live shopping, ebay

    Q&A: eBay Exec on Live Shopping and the Future of Payments

    March 24, 2023
    AI and Biometrics in Regulatory Compliance in Finance

    The Importance of AI and Biometrics in Regulatory Compliance in Finance

    March 23, 2023
    Everyone Benefits from the Real-Time Payment Networks  

    Everyone Benefits from the Real-Time Payment Networks  

    March 22, 2023
    commercial payments

    Optimizing Commercial Payments in the Digital Age

    March 21, 2023
    cross-border payments

    Cross-Border Payments: Fighting
    E-Commerce Fraud Using Data

    March 20, 2023
    fraud, ChatGPT-4

    How to Fight Fraud While Still Enabling a Great Online Customer Experience

    March 17, 2023
    RTP

    Financial Institutions Without an RTP Strategy Risk Being Left Behind

    March 16, 2023
    visa chargeback

    New Visa Chargeback Guidelines Will Be a Game Changer

    March 15, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download the Payoneer eBook: