ATM Fraud. PHOTO: Cybercrime Magazine.

Identity Skimming: Old Threats Made New Through Technology

Consumers looking to avoid skimmer fraud are often left in the dark and vulnerable to identity theft

Scott Schober

Metuchen, N.J. – Sep. 27, 2019

Identity theft isn’t so much a single incident of theft but rather a chipping away at one’s digital identity. It’s rare for a hacker to stumble upon an individual’s Social Security number, bank accounts, login credentials, emails, etc. all at once. Such breaches typically occur as independent incidents spread among many different hackers, methods and malware over months or even years; more like identity skimming than a single theft. One of these methods currently experiencing massive growth is that of card skimmers.

In the U.S., typical victims of card skimming experience credit fraud ranging anywhere between $50 and $500. It really depends on how quickly consumers or their bank catches the fraudulent activity before it gets out of control. In any case, once the user files a credit fraud report, they usually receive the stolen funds back, but the damage has already been done. Interest rates can be raised, and consumers can lose account privileges for starters but it’s worse than that. From the time that a card is compromised by a skimmer to the time that a card is canceled, hackers all over the dark web have bought, sold and traded that data many times over and this can have severe consequences outliving the sting of simple monetary theft.

All credit and debit cards are encoded with the full name, card number, expiration date, country code and CVV of the cardholder. Besides the cards being used to make fraudulent purchases, every time a card is skimmed, hackers are getting this data as well as a timestamp of the cardholder’s activity and location. That’s a very scary proposition for consumers concerned with not only security but privacy too.



Considering how identity theft generally works, data that can be skimmed off any card is vital. Of course, once a card is reported stolen or compromised, that card number and all of its data can no longer be used to drain accounts of funds but that’s assuming that the cardholder discovers the fraudulent activity. Some cybercriminals immediately withdraw hundreds of dollars, some clone cards and disperse them to crews to make large but calculated purchases and some criminals play the long game. When cybercriminals play the long game, they tend to make infrequent and small purchases or cash withdrawals. This fraudulent activity is difficult for some consumers to detect within their own statements much less bank algorithms dedicated to flagging suspicious purchases.

To make matters worse, new skimmer laws have recently gone into effect starting in Texas. The new laws require skimmers to be reported within 24 hours of discovery or face steep fines, but as a concession to service stations, law enforcement will no longer be able to share any of these skimmer locations to the public. Consumers looking to avoid any potential skimmer fraud are left in the dark and as a result, vulnerable to identity theft. It would seem that the only proactive steps consumers can take is to closely monitor their card statements for any unaccountable activity, but this hardly feels proactive.

New skimmer task forces are being formed all the time and they require new tools to fight skimmer crimes. Such tools cannot predict or prevent the next skimmer to hit your local gas pump or ATM but they can make quick work of a normally time-intensive search for hidden skimmers. This allows smaller teams to cover more ground faster and as we know, the quicker consumers are alerted to skimming fraud, the less damage can be inflicted upon their accounts and ultimately their digital identity.

I recommend anyone concerned with credit fraud and identity theft to download a free copy of my free e-paper entitled Skimmers & Skammers available now. To learn more about card skimming and the criminals behind it, check out my new book entitled Cybersecurity is Everybody’s Business available on Amazon and all major booksellers.

Scott Schober is the CEO of BVS, Inc. He is an author, speaker, and cyber security & wireless expert at Scott Schober LLC.

Scott has presented extensively on cybersecurity and corporate espionage at conferences around the globe. He has recently overseen the development of several cell phone detection tools used to enforce a “no cell phone policy” in correctional, law enforcement, and secured government facilities. He is regularly interviewed for leading national publications and major network television stations including Fox, Bloomberg, Good Morning America, CNN, CGTN, CNBC, MSNBC and many more. He is the author of ‘Hacked Again’, his latest book as well as a contributor for Huffington Post and guest blogs regularly for Tripwire’s State of Security series. Scott also writes for Business Value Exchange, Fortune Magazine and IBM Big Data & Analytics Hub.

Scott Schober Archives