PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Shimmers and Skimmers: Fraudsters Find Opportunity in EMV Chip Cards

By Brian Riley
July 2, 2018
in Analysts Coverage
0
30
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
fleet card

fleet card

Just after the U.S. Market re-carded almost a billion payment cards, dark, new technologies attempt to reduce fraud effectiveness.  Chips were designed by French banks in the mid-1980’s to counteract counterfeit fraud.  In some instances,  the magnetic stripe on pre-paid cards could recode information garnered by a card-skimmer.  The Skimmer would capture mag-stripe data, and the fraudster would merely recode the magnetic stripe data onto the card.

Visa and Master card report significant reductions in counterfeit fraud since EMV chips rolled out in the U.S. market, but the benefit may be short-lived as this article states.   Moreover, the new buzz-word that identifies the criminal act evolves from “skimming” to “shimming.”  Instead of copying the magnetic stripe data, shimming attacks the EMV chip.

  • EMV chip cards addressed the vulnerability of magnetic strip credit cards, namely credit card skimming. In this scam, a device is physically attached to a gas pump, ATM, or point of sale machine to capture your account information without your consent.

  • Once this information is obtained, a counterfeit card can be created to make purchases or withdraw cash from your account.

  • However, consumers who upgraded to chip cards may have prematurely breathed a sigh of relief, because thieves have found a new way to exploit chip-enabled cards through credit card shimming instead of skimming.

The potential risk here is not the chip itself but rather on the issuing bank’s execution of setting up the card security.  Banks must trigger encoding functions on the card to be adequately secured.

  • An important distinction is that skimming devices read information from the magnetic strip on the back of the card, while shimmers contain microchips specifically designed to capture data contained in the EMV chip as soon as you insert your card into an ATM or point of sale machine.

  • Credit card skimmers are often bulky and wobbly, but shimmers are paper-thin. While you might be able to identify a credit card skimmer since it sits on top of the original card reader, the unfortunate truth is that you cannot see a shimmer with your naked eye.

  • It is installed in the card reader itself, often by a crook pretending to make a transaction.

  • While this might sound like the EMV cards have failed, there is more to the story. Chip cards still contain an additional level of security that magnetic strip cards lack, but if a bank fails to perform a critical verification step, then you might have a problem.

There are a few takeaways.  Fraudsters are just as innovative than banks.  They look for holes and exploit weaknesses. These criminals are just as creative as bank programmers and waste no time in their attacks.  Banks, payment networks, and vendors are persistently developing new techniques, such as tokenization, and you can be sure fraudsters are not far behind.  Predictive tools like FICO Falcon and ACI’s Proactive Risk Manager remain key tools to manage the function and prosecute the infiltrators.

Overview by Brian Riley, Director, Credit Advisory Service at Mercator Advisory Group

30
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: ACI WorldwideEMVEMV CardsFICOFraud

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Using the Card “Beyond” Payments to find the Holy Grail

    Using the Card “Beyond” Payments to find the Holy Grail

    May 14, 2025
    Payments Modernization

    Playing Offense and Defense: Why Now Is the Time for Payments Modernization

    May 13, 2025
    Authorization Rates

    Boosting Revenue for Merchants by Optimizing Authorization Rates

    May 12, 2025
    Why Payment Orchestration is the key to international merchant growth

    Ensuring Payment Decisions Pay for Themselves

    May 9, 2025
    cross-border

    As Businesses Reevaluate Cross-Border Relationships, Financial Institutions Can Help

    May 8, 2025
    Nacha WEB Debit Account Validation Rule Verification Solution, Quovo ACH Payment

    The Brave New Future of the Disappearing Account

    May 7, 2025
    solana financial

    After an Upgrade, Solana is Primed to Be the Blockchain of Choice for Financial Institutions

    May 6, 2025
    PAR values

    The Connecting Thread: How PAR Values Can Mitigate Fraud and Supercharge Loyalty Programs

    May 5, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result