Credit card fraud#Skimming

Skimming (English for " skimming " ) is an English term for a man-in -the -middle attack, the illegal spying on the data from credit or debit cards. " When skimming card data is illegally obtained by data is read from magnetic stripe and copied onto fake cards. "


A typical attack pattern is the simultaneous spying on magnetic stripe contents of the credit or debit card along with the PIN at an ATM. The data for the debit card are then typically applied to a blank card blank (so-called White Plastic ) by which the fraudsters then - to withdraw cash from ATMs ( Kontoplünderung ) - together with the PIN. Since the card remains the property of the owner, the owner of the account noticed this attack usually only with collection of bank statements or if the bank intervenes by overdraft credit facility.

At ATMs different variants have been described, which have in common that the progressive miniaturization of the readers manipulating machines greatly simplifies the meantime. A variant is to apply to the Einschiebeschacht directly at the ATM, a reader in the form of a small plastic frame. The card is then simply pulled through the additional reader through into the machine and it read the contents of the magnetic stripe. Alternatively, incidents are reported where an additional reader was installed in the door opening of the branch (often already requires the admission to the hall with the ATM using the card).

The PIN is usually filmed with a small wireless camera that is often hidden above the keyboard in an adhered plastic strip (so-called " camera bar "). This is hardly recognizable as a rule, even for suspicious user. But there are also whole keypad dummies are used, which are glued on the actual keypad and simply record the keystrokes.

This attack patterns are possible because of the access to the map data is controlled by the reader, not, as in modern smart cards from the chip on the card itself, the card data are unprotected on the magnetic stripe and can be read by anyone. This is in smart cards different: Here the one, only a portion of the content at all be read, on the other hand controls the card itself entering the correct PIN and locks itself after a certain number of failed attempts. Since many ATMs abroad (still) are not designed for smart cards ( for example, in North, Central and South America ), many of issued credit cards or bank cards contain further - even if they are equipped with a chip - for compatibility reasons a magnetic strip, the the skimming favors.

For credit cards, the perpetrators procedure similar. Here's the map of the victim is, for example, when paying at a restaurant next to the regular card reader still pulled by a second.

If the victim has not acted with gross negligence, the respective bank compensation for the damages incurred.

With anti-skimming modules can be made almost impossible by the combined use of several defense mechanisms that skimming.