Credit card shimming when swiping card on reader device
08 Feb 2024

Credit Card Shimming 101: What You Need to Know

Have you ever heard of credit card shimming? It’s a new and sophisticated form of credit card fraud that many people are unaware of. Shimming is the practice of inserting a slim, paper-thin device into the card reader of an ATM or payment terminal to steal credit card information.

Unfortunately, this practice is becoming increasingly prevalent, and if it happens to you, it can be a frustrating and time-consuming process to repair the damage. But fear not, because in this article we will take a closer look at shimming, how it works, and what you can do to safeguard against it.

Understanding Credit Cards and Their Vulnerabilities

Credit cards have become integral to our lives, offering convenience and financial flexibility. But to effectively safeguard ourselves from fraud, we must first understand how they work and their inherent vulnerabilities.

The crucial data for any transaction is stored in the magnetic stripe or the EMV chip on the card. The stripe or chip contains the card number, expiration date, and CVV, which authenticate and process transactions.

While credit cards offer numerous benefits, they are not without risks. Fraudsters employ various techniques to steal your card information, with skimming and shimming among the most common.

Understanding the workings of credit cards and their vulnerabilities is the first step in protecting ourselves from potential credit card fraud. As technology evolves, so do the tactics fraudsters employ, making it essential to stay informed and vigilant.

What’s Credit Card Shimming, and How Do the Devices Work?

Shimming is a more advanced form of skimming. Here, scammers insert a paper-thin, card-sized shim containing a microchip and flash storage into the card slot of a terminal or ATM. This shim then intercepts the data from your EMV chip card, even though these chips were designed to be much more secure than the old magnetic stripes.

When you insert your card into a compromised machine, the shim, already placed inside the card reader, sits between your card’s chip and the chip reader in the machine. As the machine reads the chip to process the transaction, the shim also reads and stores all the card data transmitted during the transaction.

This data includes your card number, expiry date, and cardholder name. However, it’s important to note that the data on the chip is encrypted, making it significantly harder (though not impossible) for fraudsters to use the stolen data.

How Fraudsters Use Shimming to Steal Information

Once the shim has intercepted the card data, the fraudster needs to retrieve the shim from the machine. They then download the data onto a computer, where they can attempt to decrypt it.

If successful, they could potentially create a counterfeit magnetic stripe card using the stolen information. This is because while the stolen chip data itself cannot be used to create a counterfeit chip card (due to the encrypted security codes that change with each transaction), the data can be used to create a magnetic stripe version of the card.

It’s crucial to note that shimming primarily works on terminals that aren’t fully EMV-compliant. Fully compliant terminals and ATMs generate a unique transaction code for each payment, rendering any stolen data useless for future transactions.

Preventive Measures Against Credit Card Shimming

While credit card shimming is a sophisticated form of theft, there are several preventive measures one can take to protect one’s financial information.

Inspect the Machine: Before inserting your card, take a moment to inspect the card reader and keypad. Use another machine if anything looks out of place, loose, or damaged.

Cover Your PIN: Always cover the keypad when entering your PIN to guard against hidden cameras.

Use Bank ATMs: ATMs located in bank branches are generally safer than standalone ATMs, as they’re more likely to be under surveillance and regularly maintained.

Be Wary of Unfamiliar Machines: If you’re unfamiliar with a payment terminal, especially if it’s unattended, it might be safer to pay with cash or use a mobile payment option.

Set up Alerts with Your Bank: Many institutions now issue EMV chip cards as standard, and they also monitor accounts for suspicious activity. If unusual activity is detected, they can block the card and notify the customer.

Signs Your Credit Card May Have Been Shimmed

While the act of shimming is stealthy and often hard to detect, some signs can suggest your credit card may have been compromised.

    Unusual Activity on Your Account: One of the most obvious signs is noticing charges on your account that you did not authorize. Regularly monitor your credit card statements and set up alerts for any transactions made, especially for those conducted overseas or high-value purchases.

    Difficulty Inserting or Removing Your Card from ATM or Terminal: If it’s unusually hard to insert or remove your card from a terminal, there might be a shim inside.

    Inconsistent Transactions: If your card works at one terminal but not another, it could be an indication that one of the machines has been tampered with.

    Changes in your Credit Report: Unexpected changes in your credit score or new accounts that you didn’t open appearing on your credit report can be a sign of identity theft.

    Collection Calls for Debts You Don’t Owe: If you start receiving calls from debt collectors for debts that aren’t yours, this could be a sign that your card information has been stolen and used fraudulently.

What to Do if You Suspect Your Card Has Been Shimmed

  1. Contact Your Bank or Credit Card Issuer Immediately: Report the suspicious activity and ask for a new card with a new number. Most banks have 24/7 hotlines for reporting fraud.
  2. Monitor Your Accounts Regularly: Keep a close eye on your bank statements and credit card bills. Look for any charges that you don’t recognize.
  3. File a Police Report: If your card information has been stolen and used fraudulently, file a report with your local police department. This can help when disputing fraudulent charges with your bank.
  4. Check Your Credit Reports: Review your credit reports for any unusual activity, such as accounts you didn’t open or changes in your credit score. You can request a free credit report once a year from each of the three major credit bureaus: Equifax, Experian, and TransUnion.
  5. Consider Identity Theft Protection Services: These services can monitor your credit reports and other personal information for signs of identity theft and fraud.

Steps to Take If You Are a Victim

If you suspect that your credit card has been shimmed, it’s important to act quickly to minimize the damage and protect your finances. Here are the steps you should take:

  1. Report to Your Bank or Credit Card Issuer: Contact your bank or credit card issuer immediately to report the suspected fraud. They will likely cancel your current card and issue a new one.
  2. Monitor Your Accounts: Keep a close eye on all of your financial accounts, not just the one linked to the compromised card. Look for any unauthorized transactions.
  3. Change Your PINs and Passwords: To ensure the safety of your other accounts, change your PINs and passwords, particularly if you use the same ones across multiple accounts.
  4. File a Police Report: It’s important to report the crime to your local law enforcement agency. Having an official report can help when dealing with your bank or credit card company.
  5. Report to Credit Bureaus: Contact one of the three major credit bureaus (Experian, Equifax, TransUnion) to place a fraud alert on your credit reports. This makes it harder for thieves to open more accounts in your name. You only need to contact one bureau, as they are required to inform the other two.
  6. Report to the Federal Trade Commission (FTC): The FTC tracks identity theft cases and can provide useful information about what to do next. You can report the incident online at

Stay Informed, Stay Safe

Credit card shimming is a growing concern among consumers who rely on credit cards for their daily financial transactions. It is a sophisticated technique used by fraudsters to obtain your card information and use it for fraudulent purposes.

However, by being vigilant, understanding how shimming works, and taking necessary precautions, you can protect yourself from falling victim to this crime. It is crucial to monitor your financial statements regularly and report any unauthorized transactions immediately.

Remember, prevention is the key to avoiding credit card shimming, and by staying informed and taking proactive steps, you can protect yourself from becoming a victim of fraud. As always, our team at Kaydem Credit Help is here to answer any questions you may have about protecting and improving your credit and financial well-being.