Criminals have come up with a new way to steal your payment information when you use a chip credit card, also known as an EMV credit card.
The Better Business Bureau (BBB) is warning that scammers are using a technique called “shimming.”
Shimming, not skimming: The new way to steal credit card data
With shimming, scammers insert a paper-thin, card-sized device with an embedded microchip and flash storage into the slot where you enter your chip credit or debit card.
When you put your card into the reader, the device copies and saves your payment information.
According to the BBB, scammers use a special card to collect the data and can then make purchases with your stolen PIN and card number.
Cybersecurity blogger Brian Krebs first reported on shimmers in 2015 and posted pictures on his website.
According to CreditCards.com, scammers won’t be able to clone an actual chip card, but they could potentially use the data to print a traditional magnetic stripe card.
Here are three tips from the BBB to protect yourself from shimming:
- Use contactless payment methods. Contactless payment methods are not vulnerable to shimming. Try using “tap-and-go” features on your credit card instead of swiping or inserting your card.
- Keep a close eye on your bank and credit accounts. Check your online statements regularly to make sure there are no suspicious charges. If you see any, report them to your bank or credit card company immediately. Use the customer service number on the back of the card to be sure you are reaching the real company and not an imposter.
- Be wary if your card gets stuck in a chip reader. If the reader seems to have a tighter than normal grip on your card, there could be a shim inside. You may want to cancel your transaction and notify the business.
If you become the victim of a shimming hack — and the chances are slim — call your credit card company and report it so that you’re not held responsible for any fraudulent charges.