Trash or treasure?

How thieves know what you just got for Christmas


The holidays bring lots of joy and cheer. Unfortunately, they also create opportunities for thieves to zero in on your newly acquired gifts.

Here is one simple tip to prevent the Grinch from making your home his next target.

After all the toys, gifts and gadgets have been unwrapped where do all the boxes and paper go? To the trash! For many of us that means curbside pick up by the local waste service, right? So, just for a moment, let’s say a thief is driving around your neighborhood looking for his next target. Does he pick the house with the leftover pizza boxes stacked outside or does something like this catch his eye?

 

 

Hmmm... Looks like this house has some fun toys inside that can easily be sold or traded for quick cash.   

Here is the tip: Break down your boxes and don’t put them out until recycle pickup day.

 

A thief is less likely to stop and investigate this pile of trash.

 

By cutting up your boxes into small sections no one will know that you have a 60” TV or a set of power tools or even the new bikes Santa brought for your kids. Chances are that thief will pass you by and keep looking.

If you do happen to see someone suspicious in your neighborhood on trash day they just might be looking for an easy target with a high payoff.  Notify the local police. It is better to be safe that sorry.

 

See also 10 Vacation Safety Tips

 

jack justin headshot

Justin Jack
Social Media Marketing Specialist at Extraco Banks

Connect with Justin on LinkedIn

Gas pump card skimming: The newest card scamming threat

Last summer I wrote a blog about ATM skimmers. That was in response to reports of skimming activity further south on I-35.
 

New evidence of gas station pump skimmers is popping up all over the country and just recently gas pump skimmers were discovered in Waco and other cities here in Central Texas.

What makes these skimmers different is that they are not surface devices. They are being installed inside the gas pump and contain Bluetooth technology to transmit card information remotely.

At a glance it is almost impossible to tell if the gas pump you are using contains a skimming device. Master keys to the pump are being copied and used to gain access to the internal electronics of the pump. Many states are implementing security seals or stickers that go over the key lock to prevent tampering. If you discover a broken seal or a lock that appears to have been tampered with notify the gas station attendant and the local police. Don’t swipe or insert your debit or credit card! 

Here are some safety tips you should consider when buying gas:
  • Pay inside the store when possible.
  • Use pumps that are closest to the building. Scammers tend to tamper with pumps with an obstructed view of the station.
  • If the security seal over the pump door is broken or voided don't use that pump. 
  • Be aware of occupied cars parked away from the building. Scammers are often waiting nearby to remotely retrieve card information.
  • Monitor your online bank statements regularly and report unauthorized charges. If you notice something suspicious contact your bank immediately.
  • Download the Extraco Fraud Alert App  for easy remote monitoring of your account.
 
 

jack justin headshot

Justin Jack
Social Media Marketing Specialist at Extraco Banks

Connect with Justin on LinkedIn

fish hook in stack of credit cardsWarning: Phishing Scams are on the rise. So how do you avoid the trap?

Most of us have been the target of a Phishing scam whether we realized it at the time or not. If you don’t know what a phishing scam is, you really need to read this article.
 
What is Phishing?
How do you spot it?
What do you do if you think you are being scammed?

Phishing is when a crook sends you an email, text or phone call impersonating a reputable company hoping to get you to reveal personal information, such as an account number, password or Social Security number.

Odds are that you have probably received an email that looks authentic from someone stating that your account has been compromised and that you need to reply immediately to verify your information. Or maybe it stated that someone has been trying to access your login and you need to reset your password. Sound familiar?

Getting one of these notifications can cause a sense of urgency and fear. That is exactly what the fraudsters are hoping. They want you to react quickly before you catch on to what is happening. Often out of panic you click the link, reply to the text or answer their questions over the phone. Boom! You just got phished. The crooks now have your login, password, account number, social security number or whatever piece of information they need to cause trouble.

Let’s look at how to avoid phishing in the first place.

  • It is a good idea to change your logins or passwords frequently. Information gets sold or shared frequently without you even knowing it. By changing your logins frequently you prevent hackers from getting current information.
  • Don’t use the same login or password for all of your accounts. I know it’s a pain to come up with 37 different passwords and remember them all, but once a hacker figures one out, chances are they will try it on other accounts of yours too.
  • If you get an email or text message and you don’t recognize the sender, don’t open it and by all means don’t click that link or open any attachments. Opening an unknown file can release all kinds of viruses onto your computer or smart device. Have you ever heard of Ransomware or Trojan horse viruses? Once your device has been infected, undoing the damage is very difficult and extremely frustrating.

How can you tell if the notification is legitimate?

Suppose it has an official looking logo and someone with an important title sent it or the person on the other end of the phone has a fancy title and seems to know who I am; it must be authentic right? Not necessarily.

Let’s start with emails.

At a glance it may look real, but who sent it? I don’t mean the name on the signature line. Look at the email address it was sent from? Does that match the company that wants your information.

For Example: It has ABC Utility Company’s logo and it is signed by an account rep. at ABC Utility Co., but the return email at the top looks like it belongs to someone disconnected, like JSmith247@gotcha.com. That is a sloppy hacker trying to dupe you. That is an obvious hint that it is not authentic.

Here is an example of an actual Phishing email.


At a glance it looks normal, but I have highlighted the parts that give it away as a fake.
  • The “From” line Spells Discover with the number 0 instead of the letter o. It also has a vague return email address.
  • The ”To” line is not specific.
  • The color scheme is correct but there is no Discover brand or logo.
  • The text in the body is an unusual font with missing punctuation and all the “p”s are uppercase, even when used in the middle of words.
  • Discover always uses the registered trademark after its name. It is missing here.
 
Here is another real example.

Who pays $97.99 for Netflix?

This one is tougher to catch because the link takes you to a website that looks like a real Apple iTunes page. Hopefully the 97.99 fee wasn’t so much of a shock that the user still noticed that the “$ “ was missing.

But sometimes the hackers are even trickier. They will mask the sender email so that it looks also looks legit. Here is how to tell for sure: Hover your cursor over or right click on the sender’s email address at the top of the email.   A popup should reveal the true sender’s email address. Does it look authentic now?

Okay, so let’s say it looks real and passes the email sender test. Does the company normally send you notifications in this way? Or is this the first time you have seen something like this? If this is not how the company usually communicates with you it is all right to be suspicious.

FYI, there is no Nigerian Prince trying to give you millions of dollars if you just reply with your bank account. Nor is there a widow whose husbands dying wish was for you to donate his fortune to a charity and keep 10% for your trouble. Sorry, but those are classic phishing scams.

Now you know how to sniff out bad emails, but what about those emergency text alerts?

Did you sign up for alerts? Most Financial institutions have apps that will alert you of suspicious activity, but they also require you to log in to verify that you are who you say you are first.

Never reply to the text alert directly. Call the company at a published phone number and inquire about the alert. If there truly is a problem they will be glad to assist you.

Here is what a fake text alert looks like.


This hacker already has her name and account number. All they need is her PIN and/or a zip code and they can conduct ATM or PIN based transactions.

By the way, neither Extraco Banks nor Discover will alert you in this way. If you get a notice like this notify a Customer Care Representative right away!

Extraco customers can call 866.EXTRACO (866.398.7226)

So what about suspicious phone calls?

Even with Caller I.D., you might still get duped by a smooth talking thief. They may pretend to be an account rep, an investigator, or even someone from a fraud department asking for you to verify your information.   If the Caller I.D. says “Unknown” you should be suspicious. Let’s say the caller I.D. looks real. Now what? It is always OK to hang up and call the company back at a published phone number. Again, if there is a real problem, they will be willing to help.

Recently, hackers have pretended to be from the IRS and call demanding immediate payment. Per the IRS website, you will never get a phone call without first getting a mailed a notification.


My advice is simple. First, don’t panic. Secondly, never respond via the method you are contacted. Don’t reply to the email or text message. Instead, call the company using a published phone number. If you get a phone call, hang up and call them back at a published phone number. Never call the phone number on the email or Caller I.D. That can be faked also.

What should you do if you think you have been targeted by a phishing scam?

  • Contact the company that is involved. Most companies have a fraud department that will investigate it and can confirm or deny that the issue is real.
  • Contact your bank or financial institution and have them review your account for unauthorized activity.
  • Contact the Better Business Bureau. They work to protect you and others from predatory scams.
  • File a report with the Federal Trade Commission at www. FTC.gov/complaint.
They have recommended steps to take to minimize your risk of identity theft in the event you get Phished.
 
Now you know what Phishing is, how to spot it and what to do if you think you have been attacked. Another way to prevent fraud is to sign up for the Extraco Fraud Alerts app. This app is available to all Extraco Banks customers and will notify you of suspicious activity on your account. 
Click here to learn more.


jack justin headshot
Justin Jack
Social Media Marketing Specialist at Extraco Banks

Connect with Justin on LinkedIn.

chain and locks around luggage10 Vacation Safety Tips

Vacations can be exciting or relaxing and often create lasting memories. Don’t let your vacation adventures turn into a series of unfortunate events. Here are a few tips to consider before your next vacation.
 
1. Turn off the geo-tracking on your phone or smart device.

While it is great that technology can post your location and let all your friends know that you are eating lunch at the fanciest restaurant in the country, it also lets thieves know that your are not home and won’t be for a while.

 2. Similarly, wait until you return home before posting all those pictures on social media.

If you live in Texas and you post a selfie at the Statue of Liberty, you are letting the world know that your home is vacant.

 3. Have the post office hold your mail.

An overflowing mailbox is a prime target for thieves to steal credit card statements or open an account with one of those special offers.

 4. Make sure to take multiple forms of payment.

I am not suggesting taking a huge roll of $20 bills, but it is wise to carry at least two debit or credit cards from differing accounts. That way should one card get compromised you are not left stranded.

 5. Download the Extraco Fraud Alert App.

This gives you control of charges that may trigger an alert.

 6. Let your Bank or credit card company know what dates and where you plan to travel.

Many financial institutions have software that tracks spending patterns and will set off an alert if you have unusual purchases. Some may even temporarily deactivate your card. Giving notice in advance can help prevent a premature card deactivation.

 7. Keep a list of phone numbers of your bank and credit cards companies.

Should your purse or wallet get lost or stolen you can call to cancel your accounts.

 8. Be aware of your account balances before and after your trip.

Some hotels and rental car places may place a hold on your account while others will charge the fee upfront. It is unfortunate to find hidden charges or fees after the fact or have a hotel bill post to your account when you haven’t prepared for it.

 9. Check with your insurance company before long trips or out of the country excursions to learn what items are covered should an accident occur.

Some insurance companies offer travel insurance to replace lost luggage or damage to a rental car.

You may think you are covered for something you are not. When traveling on cruise ships, you can get special cruise insurance. Check with your insurance agent to see if this makes sense for your trip.

 10. You can get temporary data plans when on a cruise ship.

Lots of people are shocked to see how much a cruise ship charges for wi-fi. Most phone carriers offer a special data plan for cruises where wi-fi signal is at a premium. It is better to raise your rate plan a little bit now than get hit with a huge bill later.
 
Pre-trip planning may prevent some unwanted stress later.

jack justin headshot
Justin Jack
Social Media Marketing Specialist at Extraco Banks

Connect with Justin on LinkedIn.

someone writing a checkAre checks really safer than debit cards?

Once you decide to buy something, you then must determine the form of payment you’ll use. Is cash easiest? Will you write a check? Or is your debit card the best way to go? Pros and cons exist for all methods of payment. Many of us decide quickly without thinking through potential fraud or payment protection.
 
From time to time I come across customers who prefer to write checks instead of using a debit card to make their daily purchases.  When I inquire why this is the case they almost always admit that they feel debit cards are too susceptible to fraud and identity theft.
 
When you get down to the basics, it really is the opposite when you compare the two forms of payment.

A debit card is a 16-digit number that is “tied” to your bank account.  Other than your name there is nothing specific about you or your account that someone else could use.  As soon as a customer notifies their bank that their card has been stolen or that they have noticed fraudulent activity on their account, the bank immediately cancels that card rendering it useless. That 16-digit account number is no longer valid.  The customer then receives a new card with a new 16-digit number and they are on their way.
 
With a checking account things are much different.  Your check contains very specific, vital information about you:
 
– Your Full Name
– Your Address
– Your Phone Number
– Your Bank’s Name
– Your Bank’s Account Number
– Your Bank’s Routing Number
– The current check # you are on
– Your Signature
 
There is a lot of valuable information that could be used by a criminal intent on stealing your identity or gaining access to your account.  Most of the time when you write a check you put that check in the hands of a stranger, such as a cashier at the grocery store or an accounts receivable person at your utility company.  Quite often this is where the fraud begins.  All they have to do is make a copy of your check and they have everything they need.  With the advancements in the quality of computer scanners and printers, fraudsters can make perfect copies of your check that include your exact signature.  To make things worse when fraud occurs on a checking account it typically requires that the account be closed and a new account with a new account number be opened.  This can be very expensive and time consuming. For example, that box of new checks you just purchased is now useless.
 
I am not suggesting that debit cards are risk free.  They can be compromised as well.  However, there is a greater risk with check writing and potentially more serious consequences should you experience check fraud.

Sam Brown Headshot
Sam Brown
Sr. Vice President
Commercial Business Development at Extraco Banks
 
Connect with Sam on LinkedIn.

a hand with stop fraud stamped on itStop Fraud with the Extraco Fraud Alerts App

Debit Card Fraud is an ever-increasing concern for many customers who, like me, use debit cards every day. This may be frightening because it may take a while to recognize fraud that has occurred on your account, and disputing those charges can sometimes take a while.

What is Extraco Banks doing to protect the customers?
 
We have introduced a new program known as Extraco Fraud Alerts. This new alert system has many great features, and will significantly reduce the amount of fraud reports. One of the many benefits of Extraco Fraud Alerts is that it immediately notifies customers of suspicious debit card transactions as soon as the transaction occurs. Extraco will contact the customers by either phone and email, or text and email to verify a suspicious transaction. Customers may also download Extraco’s Fraud Alerts App to receive push notifications making their fraud prevention available anywhere in the world. It gives customers control of their accounts by allowing the customer to turn off their debit card in the event that there is an actual fraudulent transaction. If the customer responds by authorizing the transaction they can continue to use the card as usual. Using real time alerts this app can help eliminate stolen funds giving the customer peace of mind, protection and positive customer experience. In the ever-changing world of banking, it is imperative that we are proactive in preventing fraud, and we believe that Extraco Fraud Alerts will definitely assist the bank by putting the control of approval in the customers’ hands.

What does Extraco Banks need from our customers?

Extraco Fraud Alerts is a completely free program. However, it is very important that we have updated contact information in order for us to reach out to customers about possible fraudulent transactions. This includes: current phone numbers, addresses, and e-mail addresses.

What are the benefits of Extraco Fraud Alerts?

  1. Extraco Fraud Alerts allows customers to become part of our Fraud department, giving them the authority to deactivate their debit cards in the event of fraud or even a stolen or lost debit card.
  2. Because of the quick turnaround time we can save both the customers and bank time and money by stopping multiple transactions from occurring on the customer’s account.
  3. Again, this is a completely free service to our customers.

Even though the bank may not be able to prevent all fraud, we are definitely taking steps to help detect and reduce it. By staying proactive and partnering with our customers we have the ability to stay a step ahead of fraud.

To see how it works click here.

All Extraco debit card owners are automatically signed up for this platform. Click here to learn more.


phone with a key going into it How to protect your personal data

Tips on protecting your personal data Online, on your Mobile and in Social Media  


Have you ever had your computer, mobile device, or social media hacked? Today you don’t just have to worry about who can access data on your computer. You also need to worry about securing your mobile device as well as your social media apps.

Here are some tips on protecting your device and personal data in all of these channels.

1. Use a password manager to create and manage passwords.
Instead of using the same password for everything, consider downloading and using a service like LastPass. This software will manage, store, and even create passwords for each app or website you use. It’s a secure and easy way to have unique passwords on your computer and your mobile device.
 
2. Use HTTPS to protect your website browsing.
HTTPS at the beginning of a website address indicates that you are communicating with that website on a secure server and those communications are encrypted. Not all websites use HTTPS, so if you don’t see that in the URL then you may want to use a VPN.
 
3. Sign up for a VPN to protect your online browsing.
A VPN – or virtual private network – will protect your IP address, and encrypt your communications so crooks can’t steal your login credentials. You can use this for both computer and mobile device browsing.
 
4. Install anti-virus software and mobile security software.
Viruses, spyware, adware, cookies – they can all be managed by a good anti-virus software package. Chose one and keep it up-to-date. Set it to scan your computer automatically at a set date and time. Norton for Mobile works with both Android and iPhone and has some pretty cool features, such as ‘Scream’ which makes your phone emit a loud noise when you lose it, as well as ‘Remote wipe’ of all data in the event your device is lost or stolen. You can even use the device’s camera to get a pic of who has your device and send that person a message.
 
5. Password protect all devices, turn on the “Find me” option and disable “Location Services”.
These are everyday options that we should all set when we get a new device. No one really needs to know where you are when you complete a transaction or post in social media. Remember – if people can see exactly where you are … they can also see where you aren’t.
 
6. Remember – public wifi systems are not secure.
Crooks can access your private data, logins, etc when you use public wifi systems. Here are some tips on how to manage your public wifi.
 
7. Decide what personal data you are and aren’t willing to share.
Once you’ve decided, stick to those guidelines in all situations. If you really want or need access to something that requires more personal data than you want to share, then you have to decide to between the possible costs (stolen data) and benefits.
 
8. Set up your privacy settings for social media.
Do this for each social media service you use, and re-visit these settings each time the app or service is updated. Consider testing the settings after you set them to make sure they are the way you want them.
 
9. Don’t overshare. No post is truly private.
Even if you do have privacy settings set for your social media, your posts can still be copied, shared, etc by the people with whom you do share. Even if you delete a post, if it’s shared by others there’s nothing you can do to delete. And the post will live on forever on the social media servers, making them searchable if no privacy settings were used.

PCs, mobile phones and social media make our everyday lives and tasks much more convenient and fun. It only takes a few additional steps to make sure you get all the benefits of these channels while protecting your data.

Cain Libby headshot
Libby Cain
VP / Manager of Mission and Marketing Strategy at Extraco Banks

Connect with Libby on LinkedIn.

chip card readerU. S. Migration to chip-and-PIN, or EMV debit cards are in full swing!

On October 1, 2015 the fraud liability shift from bank to merchant went into effect. This means that not being fully chip enabled can leave your business liable for fraudulent transactions and the associated costs. Here are the key steps to getting your business prepared for chip enabled transactions. 
 

GUIDE TO BUSINESS EMV IMPLEMENTATION


Decide how to upgrade your processing software and point-of-sale terminals


Knowing what equipment you have is important. Many times businesses already have components of the new processing software and terminals without having to conduct a complete overhaul. If you don’t know, that’s not a problem. We have specialist who can assist in this area.

Extraco Banks offers various solutions to meet your processing software and terminal needs. Simply contact one of our Treasury Management Service Consultants to find out more. Also, we have more information of all services we offer businesses at https://www.extracobanks.com/commercial/.

Know the difference between “Chip-and-PIN” and “Chip-and-Signature”


As a merchant you have options on how to run transactions. Chip-and-PIN provides the customer the ability to “dip” a card and enter a PIN as prompted by the terminal. Chip-and-signature provides the customer the ability to “dip” a card and sign for the transaction. As a merchant it is important to offer customers options when checking out. This allows the customer to choose their method and creates a seamless customer check-out experience.

Implementation of Chip-Enabled Terminals


Approaching implementation of EMV (chip-enabled) terminals in phases is important to allow a smooth transition.

Phase 1 – Before turning on your chip-enabled terminals it is important to focus on training cashiers and staff. This will help customers complete sound transactions and cause minimal disruption to their purchasing experience.

Phase 2 – During implementation of the terminals it is imperative to focus on the overall customer experience. Communicating the changes to your customers is imperative to bring awareness surrounding the difference in the check-out experience. Luckily thousands of chip cards are currently in circulation which increases the customer’s education surrounding how to use the chip card.

Phase 3 – After all terminals and software are upgraded continue to focus on the customer experience. Ongoing training for staff is important to keep the customer experience smooth.

Communicating Changes to Customers


You have made an investment in new terminals, now it is time to get a return on that investment. It is important to let your customers know about the changes at check out. Communication can be as simple as in-store and point of sale signage or as large as a full marketing campaign via your website, email or direct mail. This is an opportunity to inform customers of the safety and security chip enabled terminals bring to point-of-sale transactions.

Cashiers are a great communication tool; as they are “frontline” speak with your customers at check out. If the cashier notices a chip card, she should guide the customer through the new process of inserting the card to complete a chip transaction. Additionally, cashiers can remind customers to leave the card in the terminal and allow the customer to follow the terminal prompts. Last, cashiers should remind customers to remove their card and not leave it in the terminal. Cashiers can also help educate customers on why this change has been made – to create a more secure point-of-sale transaction.

Risks of not migrating to chip enabled terminals


The October 1, 2015 date was enforced to signify when the liability shift became effective. From October 1, 2015 the party with the least-secure setup is liable for any credit-card fraud committed at your business. In this case, “least-secure” setup means least chip card enabled.

Without full migration to chip enabled terminals your business has a higher risk of being held liable for fraudulent transactions. To ensure you are protecting your assets, please visit our protection and security information at https://www.extracobanks.com/commercial/protection-security/.

See also:
What you need to know about the new chip debit cards

Krista Rosas
Payments Innovation
& Support Specialist at Extraco Banks

Connect with Krista on LinkedIn.

woman putting briefcase in carBank Jugging: What is it?

and how you can protect yourself

(part 1 of 3)
As long as there are people making money, there will be others who will try to take it from them. While Skimming has been around for a while, the newest forms of theft are Bank Jugging and Card Cracking. You need to be aware of these new schemes so that they don’t happen to you.

What is “Bank Jugging?”

 
Bank Jugging occurs when a thief parks outside of a bank and watches patiently as customers go in and out. The suspect targets anyone who comes out with a bank bag, coin box or bank envelope that looks like they may have a large amount of cash. They then follow the customer and burglarize their car or the victim directly.

Most often the crime occurs at the destination the victim stops at after leaving the bank, a restaurant, grocery store or even their home. When the customer attempts to leave their vehicle they are robbed.

Bank Juggers often park where they have clear visibility of the front door, the commercial drive thru lane or the ATM. If the line of visibility is obscured they will change parking spots. Be aware of vehicles that park but no occupants enter the bank.

How to prevent Bank Jugging:


  1. Be aware of your surroundings, especially if something seems strange as you enter the bank.
  2. Conceal your bank deposit bags, coin boxes or envelopes as you enter and leave the bank.
  3. If you feel like you are being followed, call 911 and drive to a police station.
  4. Take your bank bag or envelope with you into your next destination. Don’t hide it in your vehicle.
Bank Jugging is becoming increasingly prevalent in Texas. It is easy to get in a rush and be distracted, but if you stay aware of your surroundings and report anything suspicious you can avoid getting “Jugged”.

See also:

jack justin headshot
Justin Jack
Social Media Marketing Specialist at Extraco Banks

Connect with Justin on LinkedIn.

man with ski mask on holding credit cardCard Cracking: What is it? and how you can protect yourself

 
(part 2 of 3)

“Need cash quick with no strings attached? Have I got a deal for you?”

 
Who couldn’t use some extra money, especially high school or college students that are just finding their way in the real world? The newest get rich quick scheme is called “Card Cracking” and it is aimed at the younger generation who are new to credit cards and bank accounts and maybe just gullible enough to believe that if it is on the Internet it must be legitimate, right?
 

“Card Cracking”- How it works:


  • Card Cracking involves online solicitation through social media: a tweet, Facebook, or Instagram post offering a way to “get some fast cash” often disguised as a scholarship opportunity.
  • The thief then pressures the victim to grant access to a savings or checking account in exchange for some easy money on the back end.
  • The thief deposits phony checks using a mobile deposit app.
  • Now that the thief has access to account numbers and PIN information they withdraw some or all of the money in the account.
  • The student is coached to then report the card to the bank as stolen in order to get the funds reimbursed.
By the time the bank discovers that the deposited checks were fake, the money has already been withdrawn. In addition to the bank getting duped, the student will likely never see the promised kickback of the stolen funds from the thief. Once the police are involved and the student is determined to be involved in the process, they can be held financially responsible or criminally charged with the theft.

Dozens of students have fallen victim to this form of theft damaging their financial reputation and leaving them with empty bank accounts. Card Cracking may sound like a victimless crime and a harmless way to get extra funds fast, but like so many other get rich quick schemes, if it sounds too good to be true, it probably is.

See also:

jack justin headshot
Justin Jack
Social Media Marketing Specialist at Extraco Banks

Connect with Justin on LinkedIn.

hands typing in pin on ATM machineSkimming: What is it?

and how you can protect yourself

(part 3 of 3)
Card Skimming is not new, but the technology that makes it possible is evolving. Would you be able to identify an ATM rigged with skimming devices?

Let’s start with what is Card Skimming actually is.


Skimming occurs when thieves attach devices to ATMs that capture your card number and PIN. While there are several versions of skimmers the basic components are:

  • A card reader attachment or “skimmer”
  • A keypad overlay
  • A hidden video camera

The main component is the skimmer, which is a small device that fits over the card slot or in some cases inside the card slot itself. As you insert your card, the device reads you magnetic strip and records the information as it enters the ATM. Everything functions normally, but your card has now been copied.

The second component is either a keypad overlay or a video camera that captures your PIN (Personal Identification Number). The overlay is often hard to detect. It simply lies on top of the original keypad and records the PIN numbers as you type. Because the pressure is enough to pass through the overlay and engage the real keypad underneath, the transaction can easily go unnoticed. This method guarantees accurate capture of the PIN.

The alternative to the keypad overlay is a tiny video camera hidden somewhere on or near the ATM. The camera records the user as they type their PIN sequence.

The copied or “skimmed” data is then programmed onto bogus blank ATM cards. When matched with the recorded PIN, thieves can now use the fake cards at ATMs to withdraw cash or make purchases.

Basic skimmer devices record the copied data on the device itself. This means the thief must return to the ATM to retrieve the skimmer device. Newer skimmer devices have the ability to transmit the copied data wirelessly.

So how do you know if the ATM you are about to use has a skimmer device?


  • Most card skimmers are affixed to the ATM. If the card reader looks different than the rest of the machine, try to jiggle it. If it moves or seems to protrude away from the machine, it may be a skimmer.
  • Look for tiny cameras above or near the keypad. They can be as small as a pin hole. Check for molded pieces of plastic that don’t match the rest of the machine. They could be hiding a camera inside.
  • Does the keypad seem too thick? If you use the same ATM frequently you may notice that the keypad looks or feels different.
  • Look for parts or panels that don’t seem to fit correctly or don’t match the rest of the machine.
  • A quick image search for “card skimmers” on your favorite internet browser will produce hundreds of photos of skimming devices.

How you can avoid skimmers.


  • Frequent the same ATM when you need cash. The more often you use it, the more likely you are to notice when something seems wrong.
  • Use your hand to cover your keystrokes as you type your PIN sequence. While this will make it difficult for a camera to capture your number, you may still be vulnerable to a keypad overlay.
  • Beware of unbranded ATMs when possible. Dummy ATMs can be set up in high traffic areas where cash is needed quickly. You may scan your card and enter your PIN only to get an error message that the machine is not working properly. Odds are you just got “Skimmed”.
  • Use ATMs in trusted places such as Banks & stores where surveillance cameras are present and might deter a thief trying to place a skimmer.
Card Skimming is relatively cheap and has a high payoff, so it is likely going to be around for a while. But, now you know what to look for and can avoid being skimmed.

See also:

jack justin headshot
Justin Jack
Social Media Marketing Specialist at Extraco Banks

Connect with Justin on LinkedIn.