In 2024, 93% of fraudulent charges involved U.S. credit cards that were still in possession of the card owners—they were neither reported stolen nor missing. This type of credit card fraud is known as card-not-present (CNP) fraud, where scammers do not need the card in their possession to transact with it.
Scammers can use a card that’s not in their possession because they devise methods to obtain the owners’ credit card information. Credit card skimming is one of the most popular tactics bad actors employ to get this information, and it’s becoming widespread in the U.S.
In this article, we explore what skimmer credit card scams are and how they work. We’ll also review ways to protect yourself from these scams and solutions to help you safeguard your funds.
What Is a Credit Card Skimmer and How Does It Work?

A credit card skimmer is a small device used for credit card fraud that’s installed on top of real card readers at self-service sale terminals, such as ATMs or point-of-sale (POS) machines. The credit card skimmer reads the magnetic strip on the card when you insert it into the sales terminal. It can also capture your PIN details if the criminal places a fake keypad on top of the original keypad or installs a hidden camera recording your activity.
Once your information is captured, the scammer can use your credit card data to steal from you, sell it to someone else, or do both. Skimmers are designed to blend in with the machine, making it difficult to spot them immediately.
Some key places where you’re at risk of falling victim to a card skimmer include:
- Gas pumps
- ATMs
- Metro station ticket kiosks
- Unattended POS systems
- Grocery stores
- Department stores
- Convenience stores
- Restaurants where the employee takes your card out of sight
The Difference Between a Credit Card Skimmer and a Shimmer
Card shimmers work similarly to card skimmers, stealing data from your credit card in an undetectable way. The table below lays out key differences that distinguish these devices and the way they collect data:
Credit Card Skimmer | Credit Card Shimmer |
Typically attached to the outside of an ATM or POS machine | It’s inserted into the card reader slot of an ATM or POS machine |
It reads the magnetic stripe on older credit cards | It reads the EMV chip on newer credit cards |
It captures the card number, expiration date, CVV, and sometimes the cardholder’s name | It captures the card number, expiration date, and additional security information not usually found on magnetic stripes |
It can be visually detected from the outside | It’s harder to detect a shimmer from outside |
Note that these devices are not always physically installed. There are different types of card skimmers and shimmers, including those that can operate from a distance using Bluetooth technology.
How Thieves Use Credit Card Skimmers To Steal Information

To fully understand the threats credit card skimmers pose, it’s important to know the types of card skimming devices and the technology they use to steal information. Here’s how each type of skimming device is used:
- Physical or overlay skimmers—These are the most common types of card skimming devices, installed at the payment terminal to skim data from the credit card’s magstripe. Overlay skimmers are installed on top of the ATM’s card slot, allowing criminals to retrieve them easily
- Wireless skimmers—These are advanced, wireless skimming devices used for capturing data from more secure cards, such as chip or contactless cards. The bad actors install the skimmers close to the sales terminal, capturing data without having to contact the card physically
- Internal skimmers—This is a type of malware that captures data from breached systems or networks. Scammers install the internal skimmer when they break into e-commerce networks, which can capture a great amount of customer data before it’s spotted
Once the scammers successfully retrieve the data, they transmit it wirelessly to a remote server from where they can exploit it by creating counterfeit cards, committing identity theft, or making unauthorized purchases.
Credit Card Skimmer Scams and Techniques
POS or ATM skimming is the most common type of skimmer scam, where scammers install the devices at trusted pay terminals. However, there are many other popular skimmer credit card scams, including:
- Card trapping—Similarly to POS scams, this tactic involves placing a skimmer on the ATM’s slot. Instead of copying the information on the card via the magstripe or EMV chip, the skimmer traps the card so that it doesn’t eject. The scammers return to claim the trapped card after the card owner leaves the premises
- Online skimming—The most common way thieves steal credit card information online is by skimming websites. They add malicious code to the checkout and payment pages to obtain the card data when the customer attempts to pay for items. Online skimming is mostly associated with sites without an SSL certification because they’re more vulnerable to scam attacks. This scam is also known as e-skimming
- Bluetooth skimming—The scammers install the Bluetooth skimmer close to the pay terminals to capture the data wirelessly when victims try to pay. It’s one of the most flexible skimming methods since they don’t have to access the cards physically or tamper with the machine. Scammers sometimes install a hidden camera on the machine to capture the card PIN as ATM users input them
How To Protect Yourself From Credit Card Skimming

Listed below are steps to protect yourself from card skimming and other types of credit card scams:
- Take time to inspect the card reader and keypad—Always check to see that the card reader is intact. If any parts of the machine look skewed, bulging, or out of alignment, it could be a sign that the machine has been tampered with. Feel around the card reader and give it a little wiggle to see if anything falls loose before you insert your card
- Check the security seal—The Federal Trade Commission (FTC) advises that you look at the security seal near the card reader at gas pumps. If the seal is broken, the label will read “void,” signaling that a skimmer might be installed
- Compare the machines with others—If you’re using a gas pump, compare the slot with others in the gas station to ensure nothing is bulging or out of place. If you notice the card slot or keypad at your pump looks different from the others, it may be compromised
- Carefully inspect websites for security marks—Always check the website’s address bar for a padlock symbol and confirm that the URL has the “https” certification to avoid e-skimming. These symbols indicate that the website is protected from vulnerabilities like internal skimming devices
What To Do if You Fall Victim to a Card Skimming Device
If your credit card is skimmed, take the following steps to keep your identity and funds secure:
- Report the scam to your credit card issuer immediately. Call the number on the back of your credit card or visit their website to start an interaction
- Contact the FTC and follow the recommended steps to control the damage. Visit your local police fraud department and file a report to document the criminal case. It’s also advisable to contact the three major credit bureaus and request to freeze your account and place a fraud alert to warn card issuers about potential credit card identity thieves
- Quickly move your cash reserves or savings from your traditional savings account into a fraud-protected platform. Once fraudsters have your financial information, they can breach your savings account and drain it.