Shimming! (Nope. That’s Not A Misspelling.)

Published in

CSTS-LPI

2 min readMar 3, 2018

The New “Stealth” Tech That Grabs Customer Info At The Card Slot

The bad guys are back. A paper-thin, card-size shim containing an embedded microchip and flash storage is the latest weapon in the cyber-thief’s arsenal. Hiding inside the “dip and wait” well on dispensers, ATM machines, and points-of-sale, it grabs data off the unsuspecting customer’s card EMV chip.

Although the scammers can’t use the chip data to clone the chip itself, they can clone the mag stripe and create a card that WILL work in situations where the merchant’s staff are too busy to enforce security protocols.

While owners, workers, and customers of chain convenience stores and truck stops are well versed in credit card skimming, few individual mom and pop convenience stores are aware yet that this new high-tech device can be slipped in unnoticed. Hiding unseen in the the mouth of an ATM, gas dispenser, or point-of-sale receiver, it can steal customer data day in, day out until the 6 O’clock news team shows up that the merchant’s door.

Over the past 18 months, we have seen this new technology proliferating at gas stations, ATM machines, and truck stops. The technology is a card-size, paper-thin “shim” that encloses a microchip and flash storage within.

Shimming has seen a huge spike compared to the traditional skimming mainly because criminals have the ability to install the devices even while under surveillance. It looks as if the perpetrator is simply using their credit card to make a transaction (note the real life example from a gang in Pennsylvania https://youtu.be/fdKrSQUV5qU).

To receive up-to-the-minute updates as we push more information out regarding how to protect against shimming, traditional skimming, and other threats you can subscribe to our news feed right here.

Shimming! (Nope. That’s Not A Misspelling.)

Written by Gov|John