The Clearsale Blog

Shimming: The Newest Chip-Enabled Credit Card Scam

Shimming: The Newest Chip-Enabled Credit Card Scam

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid becoming a victim can help prevent this scam from wreaking financial havoc on your business.

What Is Shimming?

In a shimming attack, fraudsters insert a thin, card-sized shim — complete with embedded microchip and flash storage — into chip card readers to capture card data. All fraudsters have to do to collect the stolen credit card data is insert a special card at the compromised reader. The criminal looks like they’re making a payment or using the ATM, but they’re actually harvesting the data stored on the flash drive.

Unfortunately for customers and merchants, this attack method is so subtle that they don’t know they’re a victim until it’s too late.

The good news? Fraudsters can’t use the stolen data to create new chip cards. The bad news? Scammers can still use the data to clone a magnetic stripe card, sell the data on the dark net, or use it on card-not-present purchases to defraud e-commerce merchants.

How Merchants Can Thwart Shimming Scams

If merchants don’t follow the latest security procedures for encrypting and transmitting credit card data, they may be unknowingly accepting payment from shimmed cards and facilitating fraud. And that can result in upset customers, expensive chargebacks once the legitimate cardholder discovers the fraud, and hits to revenue and reputation.

Here are five things merchants can do to avoid falling victim to this scam.

1. Require CVV Numbers

When shimming devices capture credit card data, one thing they’re unable to capture is the CVV — it’s embossed on the credit card, not stored on the magnetic stripe. Asking or looking for this number can help confirm the rightful owner possesses the credit card and will make merchants less susceptible to shimming.

2. Share Attack Data

To help identify credit card fraud before it happens, share fraud attempts with merchant networks. Doing so provides merchants a larger pool of data from which they can identify emerging fraud patterns.

3. Inspect POS Terminals

Brick-and-mortar retailers should inspect their card readers daily, ensuring they haven’t been tampered with. Most point-of-sale merchants won’t see the shimming device from the outside, so they should test the reader by inserting credit cards. If they don’t go in and out of card readers smoothly, a shimming device may be to blame.

4. Encourage Contactless Payments

Encourage customers to use the tap-and-go features on their credit cards or mobile payment apps like Apple Pay and Google Pay. Both payment methods eliminate the risk of having data stolen after inserting credit cards into card readers.

5. Implement a Robust Fraud Prevention Program

Customers love the convenience of online shopping, but they’re increasingly concerned about the risk of divulging sensitive financial data. E-commerce merchants who invest in a robust fraud prevention solution can protect customers — and themselves — against emerging criminal scams while also eliminating false declines and providing a seamless shopping experience.

Fraudsters don’t need high-tech ways to defraud consumers when simple shimming devices work just fine. Merchants, however, should use solutions that combine the best of human analysis with advanced artificial intelligence to stop fraud before it happens.

Download ClearSale’s “Online Credit Card Fraud Risk” e-book to learn how our approach can help you safeguard your profits, protect your reputation and improve customer relationships.

Download Credit Card Fraud eBook

You may also like

What to Consider When Assessing the Cost of Fraud Protection

What to Consider When Assessing the Cost of Fraud Protection

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

Why MOTO Transactions Have an Increased Fraud Risk

Why MOTO Transactions Have an Increased Fraud Risk

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

SIM Swapping: How to Protect Against This Emerging Scam

SIM Swapping: How to Protect Against This Emerging Scam

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

The 13 Fraud KPIs E-Commerce Merchants Need to Know

The 13 Fraud KPIs E-Commerce Merchants Need to Know

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

Country Profile: The Guide to E-Commerce in Mexico

Country Profile: The Guide to E-Commerce in Mexico

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

The True Cost of E-Commerce Fraud

The True Cost of E-Commerce Fraud

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

Predictions for the E-Commerce Fraud Market in 2020

Predictions for the E-Commerce Fraud Market in 2020

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

Made in Brazil: Why Our Roots Make Our E-Commerce Solution Better

Made in Brazil: Why Our Roots Make Our E-Commerce Solution Better

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

Interview with a ClearSale Fraud Analyst - Antonio Gonzalez

Interview with a ClearSale Fraud Analyst - Antonio Gonzalez

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog