In 2025, card skimming remains a significant issue facing both retailers and consumers. As reported by the Federal Bureau of Investigation, card skimming is reported to cost consumers and financial institutions over $1 billion USD per year. At Havis, we pride ourselves on helping retailers of all types and sizes protect their business and their customers with innovative anti-skimming stands and security accessories. In this blog, we will explore what card skimming is and what can be done to prevent it as part of a robust, well-rounded payment security strategy.
What is Card Skimming?
‘Card Skimming’ is a criminal activity involving the installation of illegal equipment onto a point of sale or payment system, whether this be a payment terminal, automated teller machine (ATM), or gas station pump. The aim of card skimming is the theft of valuable debit or credit card information, which can then be used for various illegal/fraudulent purposes. As suggested, the types of cards that can be compromised include credit and debit cards, as well as Electronic Benefit Transfer (EBT) cards.
According to the Payment Card Industry Security Standards Council (PCI SSC), there are two main kinds of skimming that can occur.
Skimming from Consumer Payment Cards
The first kind of skimming occurs when data is stolen directly from the customer’s card. This often happens as a result of criminal intent from the retailer and/or its employees, wherein direct access to customer cards means they can more easily go undetected.
Skimming from Payment Infrastructure
The second kind of skimming occurs when criminals target the payment ‘infrastructure’ itself. This infrastructure can include the payment hardware (the payment device plus any wires and ports), as well as its physical location.
Card Skimming Methods
Over the years, skimming technology has advanced significantly, having become increasingly sophisticated and difficult to identify. There are now several methods that criminals employ to steal card data from unsuspecting customers and retailers.
Keypad Overlays
One of the most common approaches involves a duplicate keypad being glued over the top of the original keypad in order to record the user’s Personal Identification Number (PIN). Due to their small size and similar look and feel to the real keypad underneath, keypad overlays can be easy to miss.
Skimming Devices or Faceplates
Another common technique is the installation of skimming devices or ‘faceplates’. More complex than keypad overlays alone, these devices are designed to look identical to the original payment terminal or ATM underneath, making them challenging to detect once installed. In turn, they are designed with speed and stealth in mind, allowing criminals to snap them into place without employee or bystander detection.
Port Access
If technology is unmounted and easy for members of the public to access, device ports can be another pathway for data breaches to occur. For example, if payment terminals are left unattended or are in a location which is difficult for employees to monitor, criminals may find it easier to plug into device ports and steal sensitive transaction data.
Hidden Cameras
Another worthwhile mention are hidden cameras. Often used in conjunction with the other skimming methods outlined above, these ‘pinhole’ cameras are commonly used in locations where they can be easily concealed (e.g. ATMs).
The Impacts of Card Skimming
Data Theft
The primary and most serious consequence of card skimming is data theft. By installing discrete and hard-to-detect skimming devices, criminals can easily capture sensitive payment information. This data is then sold or is used to make fraudulent purchases, to create cloned credit and debit cards and in some cases, even used to commit identity theft. Given these consequences, payment security is evidently vital and must be taken seriously by both retailers and consumers.
Technology Damage
Card skimming devices can cause damage to point of sale technology as they are often secured with strong adhesives. When skimming devices are discovered and removed, this glue can damage the technology underneath. Such damage can have a two-fold financial impact; firstly due to the cost of replacing or repairing such technology and secondly, due to the device downtime and potential loss of sales which could result.
Negative Consequences for Brand Image
Ultimately, if consumers have their data stolen and/or perceive a retailer’s payment security to be poor, it is feasible that this will reflect negatively on the brand. Maintaining high standards of payment security is essential to cultivating a strong, positive brand image.
How To Combat Card Skimming
Given the rise in card skimming and the challenges it brings, it is vital for retailers of all types and sizes to have a robust payment security strategy in place. There are a number of best practices and recommended security measures that retailers can follow in order to protect both their business and their customers.
Best Practices for Businesses
Regular Inspections
As part of any good payment security strategy, conducting risk assessments to identify vulnerabilities within current payment systems is crucial. Retailers should implement a regular inspection schedule wherein employees are required to inspect points of sale for signs of tampering.
There are several tell-tale signs that skimmers have been installed and consequently, that payment security has been compromised. Some of these include:
- Loose, damaged or unsymmetrical parts: If any parts of the device appear to have been damaged or look to be loose or uneven.
- Differences in coloring or materials: If certain parts of the device are a different color or texture.
- Dried glue: If there is residue from the adhesives used to secure the keypad overlay or card skimmer to the technology underneath.
If staff members identify any of these issues, it is vital that they report them immediately to upper management and cease operations from compromised points of sale until further notice.
Adequate Surveillance & Security
The type of retailer and its payment infrastructure can significantly influence the likelihood of card skimming occurring. For instance, criminals may be more likely to target retailers whose payment technology they know is unmonitored or easy to access. As follows, ensuring the point of sale is covered by adequate surveillance measures is key. Plus, by making the presence of surveillance cameras and other security measures obvious, it is possible that criminals may be deterred. Additionally, ensuring secure data transmission through encryption protocols like SSL and TLS and implementing a network security firewall is also helpful in protecting payment infrastructure from unauthorized access.
Adherence to PCI DSS Requirements
Retailers should seek to meet the various requirements and standards set out by the PCI SSC. These standards cover many aspects of payment security and have undergone numerous iterations since the PCI SSC launched in 2006. Given the negative impacts that card skimming can have, compliance with these standards is crucial – no matter the type or size of business.
Technology Mounting & Storage
Another major way that businesses can improve security at the point of sale is through the use of robust technology mounting and storage solutions. With reliable payment terminal stands such as those from Havis, retailers can keep valuable technology safe from criminal activity like card skimming. Plus, with secure storage for technology when it is not in use, retailers can further protect payment technology from theft and other forms of tampering.
Anti-Skimming Solutions & Accessories
Whether built into payment terminal stands themselves or available as add-ons, anti-skimming solutions are increasingly essential. As an industry-leader, Havis provides a range of innovative anti-skimming stands and accessories. From rear-locking brackets to upper and lower anti-skimming add-on kits, Havis designs solutions which have already helped thousands of businesses safeguard against card skimming.
Best Practices for Consumers
There are also a number of things that consumers can and should do in order to protect themselves from card skimming and its consequences.
Practice Increased Vigilance
First and foremost, consumers must remain vigilant to the possibility of card skimming. For example:
-
Before swiping or inserting their card, consumers should inspect the point of sale and report anything questionable to the retailer.
-
While completing a transaction, whether this be at a countertop card reader, an ATM, or a fuel pump, individuals should be vigilant of ‘shoulder-surfers’ who may linger around points of sale with ill-intent.
-
Consumers should always consider the possibility of hidden cameras, ensuring they cover the keypad (e.g. with their other hand) while entering their PIN.
Monitor Bank Activity & Report Any Issues
Consumers should also practice increased vigilance with regards to their bank statements and card activity. It is vital that consumers monitor their accounts for any suspected fraudulent transactions, as card skimming can easily lead to significant financial losses. Armed with the required (stolen) data, criminals can easily wipe a customer’s entire balance. Consumers should immediately report any questionable debit/credit card transactions that appear on their bank statements as this limits their liability and increases the likelihood of recouping their money.
Conclusion
Considering the rise in card skimming and the losses that can result, it is more important than ever for both businesses and consumers to remain hyper-vigilant. Retailers of all types and sizes should proactively implement robust payment security strategies which span all aspects of payment security (i.e. the payment gateway, the payment technology and the associated payment mounting hardware). As an industry-leading provider of innovative payment mounting and anti-skimming solutions, retailers can trust in Havis as a key payment security partner.
To learn more about Havis’s innovative anti-skimming solutions, visit our new landing page.
ABOUT HAVIS
Havis, Inc. is a privately held, ISO 9001-certified company that is the leader in providing robust and reliable end-to-end technology mounting and mobility solutions in demanding environments. The Havis legacy dates back over 80 years as a trusted designer and manufacturer of critical equipment that ensures technology is accessible, secure and reliable.
Havis’s engineering and manufacturing teams are committed to consistently researching and developing unique products and solutions for a range of industries worldwide. With headquarters in Warminster, PA, and additional locations in Plymouth, MI, Burnsville, MN, and in the UK, Havis currently employs more than 400 team members. For more information on Havis, please call 1.800.524.9900 or visit http://www.havis.com.
