Card shimming is the new way to prey on your identity. Card skimming involves a device that is attached to the outside of the card reader that reads the magnetic stripe on credit cards. Card skimmers are bulky and easy to spot. Card shimming, on the other hand, is not. Card shimming involves a paper-thin, card-sized shim embedded with a microchip that may not be easily detected. They sit between the chip reader in the ATM or point-of-sale device and the chip on the card, so if a customer’s card is inserted, the shimmer will record the data on the chip while allowing the ATM or point-of-sale device to function as normal.
The good news is that the information that is collected by a shimmer can only be used to clone a magnetic stripe card, so as long as the merchant has adapted to the EMV chip card terminal, the use of a shimmer will not be successful.
The reason cards equipped with the chip are safer is because on a magnetic stripe, the data is unchanged. Whoever copies the magnetic stripe can easily replicate the data over and over again. Cards equipped with the chip are much harder to copy.
On a chip-enabled card, every time you use it to pay in the EMV terminal, the card chip will create a unique transaction code that can never be used again.
This is why stores should have implemented the new EMV chip card terminals by now. Unfortunately, many stores still have not. Here’s some good news: If your bank has issued you a chip card and the merchant you paid at only allows you to swipe your card, the merchant will be liable for fraudulent activity.
Here are some things you might do when the chip card isn’t an option.
Pay cash – The old-fashioned way of buying things.
Ask questions – Ask the merchant why they do not have the EMV terminals in their stores, and when they expect to start implementing that payment method.
Keep an eye on your account – Regardless of if you swipe your card or use the chip, you still need to monitor your account regularly for fraud. Also monitor your credit if you have reason to believe your personal information was compromised.