Credit card skimming and shimming are modern-day forms of theft that impact businesses and their customers

Gone are the days when stealing a company’s credit card depended on a nimble-fingered thief sliding an employee’s wallet out of their pocket. Credit card skimming and shimming are modern-day forms of theft scammers use to steal your card details. Fraud associated with skimming costs businesses and their customers more than $1 billion every year.Disclosure 1

Key concepts

In this article, you’ll learn:

  • How to recognize card skimming
  • What makes skimming and shimming different
  • How these two scams affect your business—and what you can do about it

Video: Fraud prevention 101: Card skimming

Component ID : "accordionGridLayout-741143399"
Model : "disclaimer"
Position : "left"

[Fraud prevention 101: Card skimming] [Truist logo]

[Card skimming: Keep your card information secure by watching for inconsistencies.]

[Skimming: /skimming/ noun 1. The act of fraudulently copying credit or debit card details with a card swipe or other device.]

Narrator: Card skimming happens when a thief places a hard-to-detect device over a card scanner somewhere like an ATM or a gas pump.

As you swipe, the device intercepts and stores your information for the thief to take advantage of later.

Whenever you use a card reader, watch for misalignments in the card-reading slot or partially covered stickers or text.

And play it safe. If anything seems out of place, try to use a different machine.

[Learn more ways to keep your information safe.]

Truist [logo]

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo, and Truist Purple are service marks of Truist Financial Corporation.

[end transcript]

What is credit card skimming, and how is shimming different?

Credit card skimming is a way for scammers to steal card details by attaching a small, camouflaged device to a payment terminal. Any time someone swipes their card’s magnetic strip through an affected terminal, the skimming device harvests their payment information.

With card shimming, scammers implant a tiny device inside the terminal or card slot that steals payment information from a card’s EMV chip.

Either way, the result is the same: Criminals harvest your credit or debit card number, your PIN, and other information they can use to make fraudulent purchases or steal your money.

Skimming and shimming devices are often deployed in ATMs, fuel pumps, and point-of-sale (POS) terminals at convenience stores. Scammers tend to target high-traffic, poorly monitored areas where their devices have a better chance of going undetected. Some devices are even designed to look like part of an ATM.

Good news: Digital payment systems such as Apple Pay and Google Wallet are making it harder for scammers to steal corporate card data through skimming and shimming.

Case study: First-of-its-kind law enforcement agency to combat card skimming prevents $100 million in losses.

In 2022, Texas created a law enforcement department to prevent credit card skimming. In its first 15 months, the Texas Financial Crimes Intelligence Center drew national attention by preventing, intercepting, or recovering nearly $100 million. They also discovered nearly 400 skimming devices on fuel pumps throughout the state.Disclosure 2

Best practices and prevention

Card skimming and shimming devices can be installed quickly and are often hard to detect. Fortunately, there are precautions you can take to protect your corporate card details. Here are a few strategies to help you and your team avoid card skimming and shimming.

Use contactless payments whenever possible.
Train employees to use contactless payment options (such as “tap to pay”) on POS terminals. In addition, smartphone apps like Google Wallet and Apple Pay can save your corporate card details but can’t be skimmed or shimmed.

Choose the most well-monitored terminals.
Shimming and skimming credit cards only works when fraudsters can access and tamper with a card terminal. You can reduce the likelihood of using an affected terminal by sticking to highly trafficked, well-lit areas. Instruct corporate cardholders to seek indoor ATMs and gas pumps with security cameras nearby.

Inspect the device before inserting your card.
Knowing how to spot card skimmers isn’t always easy, as they often look like real card readers at first glance. Upon closer inspection, however, you may see signs. Put your staff on alert for terminals that look scratched from possible tampering, wiggle when touched, or stick out beyond the surface of the ATM or gas pump.

Stay alert and sound the alarm.
Having your accounts team carefully monitor bank statements for fraudulent transactions might not stop these attacks in the moment—but it can help lead to speedier removal of these devices and recovery of funds.

Talk to Truist.
Your relationship manager can help you set up and monitor your company’s credit cards. Truist’s commercial credit cards come with built-in fraud controls, including authorization and limit management, quick alerts, fraud monitoring, and detailed reporting.

FAQ on card skimming and shimming

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

Both skimmers and shimmers blend in with real card reader hardware. However, these fakes often feature shoddy craftsmanship, such as a slightly crooked vendor sticker, a cumbersome numeric keypad, or a high-friction card slot.

Card skimming refers to devices applied to a card terminal’s exterior, which steal payment information from your card’s magnetic strip. While similar, card shimming refers to smaller devices installed inside a terminal’s card slot, which steal information from your card’s metallic EMV chip.

No. Contactless card payments aren’t susceptible to skimming and shimming. In fact, using “tap to pay” helps reduce the risk of your card details being stolen in a skimming or shimming attack.

If you suspect your credit card has been compromised, call 844-4TRUIST (844-487-8478). You can also contact your relationship manager or treasury consultant. Learn more about reporting fraud at Truist, including steps to file reports with local law enforcement and the Federal Trade Commission (FTC).

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

Purple PaperSM Digital Transformation

Learn how you can put advanced technology to work for your business.

Related resources

    {0}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Helpful links



    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option