The Clearsale Blog

Shimming: The Newest Chip-Enabled Credit Card Scam

Shimming: The Newest Chip-Enabled Credit Card Scam

The newest attack method, called shimming, isn’t yet widespread, but it’s potentially devastating for merchants and customers. Knowing the subtle signs to look for and steps to take to avoid becoming a victim can help prevent this scam from wreaking financial havoc on your business.

What Is Shimming?

In a shimming attack, fraudsters insert a thin, card-sized shim — complete with embedded microchip and flash storage — into chip card readers to capture card data. All fraudsters have to do to collect the stolen credit card data is insert a special card at the compromised reader. The criminal looks like they’re making a payment or using the ATM, but they’re actually harvesting the data stored on the flash drive.

Unfortunately for customers and merchants, this attack method is so subtle that they don’t know they’re a victim until it’s too late.

The good news? Fraudsters can’t use the stolen data to create new chip cards. The bad news? Scammers can still use the data to clone a magnetic stripe card, sell the data on the dark net, or use it on card-not-present purchases to defraud e-commerce merchants.

How Merchants Can Thwart Shimming Scams

If merchants don’t follow the latest security procedures for encrypting and transmitting credit card data, they may be unknowingly accepting payment from shimmed cards and facilitating fraud. And that can result in upset customers, expensive chargebacks once the legitimate cardholder discovers the fraud, and hits to revenue and reputation.

Here are five things merchants can do to avoid falling victim to this scam.

1. Require CVV Numbers

When shimming devices capture credit card data, one thing they’re unable to capture is the CVV — it’s embossed on the credit card, not stored on the magnetic stripe. Asking or looking for this number can help confirm the rightful owner possesses the credit card and will make merchants less susceptible to shimming.

2. Share Attack Data

To help identify credit card fraud before it happens, share fraud attempts with merchant networks. Doing so provides merchants a larger pool of data from which they can identify emerging fraud patterns.

3. Inspect POS Terminals

Brick-and-mortar retailers should inspect their card readers daily, ensuring they haven’t been tampered with. Most point-of-sale merchants won’t see the shimming device from the outside, so they should test the reader by inserting credit cards. If they don’t go in and out of card readers smoothly, a shimming device may be to blame.

4. Encourage Contactless Payments

Encourage customers to use the tap-and-go features on their credit cards or mobile payment apps like Apple Pay and Google Pay. Both payment methods eliminate the risk of having data stolen after inserting credit cards into card readers.

5. Implement a Robust Fraud Prevention Program

Customers love the convenience of online shopping, but they’re increasingly concerned about the risk of divulging sensitive financial data. E-commerce merchants who invest in a robust fraud prevention solution can protect customers — and themselves — against emerging criminal scams while also eliminating false declines and providing a seamless shopping experience.

Fraudsters don’t need high-tech ways to defraud consumers when simple shimming devices work just fine. Merchants, however, should use solutions that combine the best of human analysis with advanced artificial intelligence to stop fraud before it happens.

Download ClearSale’s “Online Credit Card Fraud Risk” e-book to learn how our approach can help you safeguard your profits, protect your reputation and improve customer relationships.

Download Credit Card Fraud eBook

You may also like

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

As people become more conscious of what they’re putting into their bodies, there’s been an increased demand for high-quality supplements and healthful food and beverages. The result has been a..

3 Ways Tech Can Benefit Remote Teams

3 Ways Tech Can Benefit Remote Teams

Ecommerce businesses are used to an ever-evolving digital connection between them and their customers. But 2020’s COVID-19 pandemic has resulted in that digital connection making its way into the..

Shopping Habits by Gender: What’s Changed in 2020

Shopping Habits by Gender: What’s Changed in 2020

Do men hate shopping online? Are women more worried about fraud?

How Management Should Contribute to Fraud Protection

How Management Should Contribute to Fraud Protection

As companies grow, management often delegates business-critical tasks—marketing, technology, fraud prevention—to different departments. While it might seem to be an efficient way to get things..

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

As an e-commerce merchant, you know the risk of fraud, false declines and chargebacks. But maybe you think it won’t happen to you because you’re a relatively new — or small — e-commerce merchant,..

How Backtesting Can Improve Fraud Prevention

How Backtesting Can Improve Fraud Prevention

They say hindsight is 20/20, and that’s especially true for e-commerce merchants looking to increase their approval rates and decrease fraudulent transactions. It’s easy to look back at..

Is Fraud Risk Scaring You Away From International Shipping?

Is Fraud Risk Scaring You Away From International Shipping?

With cross-border shopping estimated to make up 20% of e-commerce in 2022, many merchants are right to consider expanding into other countries. So what’s stopping them from pulling the trigger?

Preparing Your E-Commerce Store for the Holiday Season

Preparing Your E-Commerce Store for the Holiday Season

It might still be summer on the calendar, but the holiday shopping season is just around the corner.  Are you ready?

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Selling products and services online offers great opportunities for merchants, but it’s not without risk. Savvy cybercriminals use stolen personal data to defraud merchants, and sometimes, a..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog