At FICO World 2022, I hosted a session where we talked about global fraud trends like authorized push payment scams and romance scams. But here in the U.S., criminals are revving up their debit and credit card skimming fraud activities, which is seeing a resurgence after busting onto the scene about 20 years ago. And card skimming is big business; the FBI estimates that “skimming costs financial institutions and consumers more than $1 billion each year.”
Card Skimming Fraud – Old Threat, New Growth
Card skimming occurs when a criminal puts a device called a skimmer on a card reader, anywhere you might swipe or insert a card. Often thieves will put a false front on an ATM, gas pump or point-of-sale (POS) terminal, which reads and records the information on the card’s magnetic strip. They can also use small inserts in the card reader slot, which are incredibly difficult to detect.
Often skimmers include pinhole spy cameras, to capture videos of people typing their PIN numbers. More sophisticated scammers will put a false front on the keypad, which can act as a key logger for capturing PIN data. Once a customer has used a compromised card reader, the fraudster can download or wirelessly transfer the card details and the video of the PIN being typed, giving them complete access to the account.
One of the most insidious aspects of skimming fraud is that a transaction at a compromised location usually goes through without a hitch. The unsuspecting consumer has given their financial details to a criminal, but typically won’t notice anything amiss until fraudulent charges start showing up, or the money in a checking or savings account disappears. And by then, it’s usually too late.
Finding More Needles in the Haystack
One of the best parts of my job is actively fighting back against fraudsters. We do that by monitoring and reporting on compromised ATM and debit locations in the U.S., through FICO’s Card Alert Service. Earlier this year, we saw an alarming increase in the number of compromised cards.
For the first half of 2022, we’ve found a year-over-year increase in compromise events of 759%, up from 548% in the first quarter. That also represents a 501% increase in the overall number of compromised cards detected, indicating that thieves are back to their old tactics of skimming card and PIN information.
We’re also seeing some interesting trends in when and where fraud happens after a skimming event. Our data shows that more than half (53%) of skimming incidents happened in California, with another 23% happening in New York, Pennsylvania and Maryland. Of the total compromises detected, 63% happened at a single brand of convenience store, while only 20% took place at a branch ATM.
Fraud related to skimming shows up relatively quickly after a card was used in a compromised location, with 54% happening within two weeks. While it’s not quite smash-and-grab, the speed with which fraud happens after a card gets compromised shows that criminals know they have a limited window to get away with using the stolen information.
Fighting Back Against Card Skimming Fraud
There are concrete steps that both banks and consumers can take to fight back against skimming fraud. For consumers, one of the easiest ways to thwart a skimmer is to simply cover up the keypad while typing in a PIN. Without the PIN to unlock the card data, the fraudster can’t use the card details to make charges.
Consumers can also look for things that seem “off” or “fishy” about a particular terminal. In Oakland, one convenience store customer recently found a card skimmer. He noticed that a card reader had buttons that didn’t match others in the store, and he pulled up and lifted off a skimmer that had been placed on the reader. Noticing small differences in a POS terminal or at an ATM can mean the difference between a safe card and a compromised card.
For banks, knowledge is power. Using information from Card Compromise Reports (CCRs) and Suspect Reports – both of which are available through FICO’s Card Alert Service – banks and other financial institutions can quickly act on known compromised cards for block and reissue, or monitor cards more closely for signs of fraudulent activity.
Banks can also pay close attention to things like balance inquiries. In the first half of 2022, we’ve found that approximately 65% of transactions that led to identifying a compromise were balance inquiries, so setting up flagging or further investigations around balance inquiries can be a powerful tool in fighting compromised cards.
Finally, banks can use geographically based rules to help combat skimming fraud. Since skimming incidents tend to be concentrated in specific geographies, strategies like setting lower limits for out-of-area transactions are useful ways to minimize potential fraud impacts.
Follow me on LinkedIn for more insights about FICO’s innovative fraud fighting efforts.
How FICO’s Card Alert Service Can Help Fight Card Skimming Fraud
- Read about the panel discussion from FICO World 2022 that focused on other Global Fraud Trends
- Discover how Customer Communications Services for Fraud can alert customers about compromised card details in real-time
- Learn more about FICO’s Card Alert Service
