How to Protect Yourself From ATM and Card Skimming

Every time you insert or swipe your debit or credit card at an ATM, gas pump, or retail terminal, you could be handing your financial data to a criminal. Card skimming — the use of hidden devices that capture your card information during otherwise normal transactions — costs financial institutions and consumers more than $1 billion each year, according to the FBI. The problem has grown so severe that the US Secret Service launched a nationwide crackdown on card skimming operations in January 2026. Here is what you need to know to keep your money and your identity safe.

What Is Card Skimming?

Skimming is a form of electronic theft in which criminals attach small, disguised devices to legitimate card readers. When you insert, swipe, or tap your card at a compromised machine, the skimmer silently records the data stored on your card's magnetic stripe or chip. Criminals then use that stolen data to create counterfeit cards or make unauthorized online purchases.

There are several types of skimming devices, and they have become increasingly sophisticated:

• ATM skimmers: Overlay devices placed directly over the card slot on ATMs. They are designed to look like part of the machine and are often paired with hidden cameras or fake PIN pads to capture your PIN.
• Gas pump skimmers: Devices installed inside or over gas station payment terminals. Because gas pumps are often unattended and located in low-traffic areas, they are a favorite target for criminals.
• POS terminal skimmers: Devices attached to point-of-sale card readers at retail stores, restaurants, and other businesses. These can be as thin as a credit card and nearly invisible to both customers and staff.
• Shimmers: Ultra-thin devices inserted into chip card slots that intercept data from the chip during a transaction. Shimming is the next generation of skimming and targets the EMV chip technology that was supposed to make cards more secure.

How to Detect a Skimming Device

Before you use any card reader, take a few seconds to inspect it. Most skimming devices have physical tells:

1. Pull and wiggle the card reader: Grasp the edges of the card slot and give it a firm tug and wiggle. Legitimate card readers are securely attached. If the reader moves, feels loose, or comes off in your hand, do not use the machine and report it immediately.
2. Look for loose, crooked, or damaged components: Compare the card reader to others nearby. If one machine's card slot looks different — misaligned, bulkier, or a slightly different color — it may have a skimmer overlay installed.
3. Check for broken security seals: Gas pumps often have tamper-evident seals over the panel that houses the card reader. If the seal is broken, torn, or reads "void," the pump may have been compromised.
4. Inspect the PIN pad: Feel the keypad before entering your PIN. If it feels raised, spongy, thicker than normal, or different from other machines at the same location, a fake keypad overlay may be capturing your keystrokes.
5. Scan for small cameras: Look for tiny holes, unusual attachments, or small devices mounted near the card reader or above the PIN pad. Criminals sometimes mount pinhole cameras in brochure holders, light fixtures, or fake panels to record you entering your PIN.

Best Practices to Avoid Skimming

Detection is important, but the best strategy combines awareness with habits that reduce your exposure in the first place:

Use Contactless and Tap-to-Pay

Whenever possible, use contactless payment methods such as tap-to-pay with your card, Apple Pay, Google Pay, or Samsung Pay. Each tap generates a unique, one-time transaction code that cannot be reused. Even if a criminal intercepts the data from a single contactless transaction, it is worthless for future fraud. This is the single most effective defense against skimming.

Always Use the Chip, Never the Stripe

If contactless payment is not available, insert your chip card rather than swiping the magnetic stripe. Chip transactions create a dynamic, encrypted code for each purchase. Magnetic stripes store static data that can be easily cloned. If a terminal prompts you to swipe instead of insert, consider using a different machine or paying with cash.

Choose ATMs Carefully

Use ATMs in well-lit, indoor locations — ideally inside a bank lobby. ATMs inside banks are monitored by security cameras and serviced frequently, making it far harder for criminals to install and retrieve skimming devices. Standalone ATMs in convenience stores, gas stations, and tourist areas are higher risk.

Cover the Keypad

Always shield the PIN pad with your free hand when entering your PIN. This simple habit defeats hidden cameras and shoulder surfers, which are the most common methods criminals use to capture PINs alongside skimmed card data.

Set Up Transaction Alerts

Enable real-time transaction notifications on your bank and credit card apps. Most financial institutions now offer instant push notifications for every purchase. If your card is compromised, you will know within seconds rather than discovering fraudulent charges days or weeks later when you review your statement.

Monitor Your Statements

Even with alerts enabled, review your bank and credit card statements regularly. Look for small, unfamiliar charges — criminals often test a stolen card with a small transaction before making larger purchases. Catching a fraudulent charge early limits your liability and speeds up the dispute process.

What to Do If Your Card Is Compromised

If you suspect your card data has been stolen through a skimming device, act quickly:

1. Contact your bank or card issuer immediately: Report the suspected compromise and request that your card be frozen or canceled. Most banks have 24/7 fraud hotlines. The faster you act, the less damage a criminal can do.
2. File a police report: Report the incident to local law enforcement. This creates an official record that can support fraud claims and help investigators track skimming operations in your area.
3. Review recent transactions: Go through your recent statements and flag any charges you do not recognize. Your bank will guide you through the dispute process for unauthorized transactions.
4. Request a new card: Do not simply unfreeze the compromised card. Request a new card with a new number to ensure the stolen data cannot be used in the future.
5. Monitor your credit reports: After a skimming incident, check your credit reports for unfamiliar accounts or inquiries. Consider placing a fraud alert or credit freeze with the three major credit bureaus.

Protect Your Broader Financial Identity

Card skimming is one piece of a larger financial fraud ecosystem. Criminals who steal card data often pair it with personal information obtained from data broker sites — your full name, address, phone number, date of birth, and more — to commit deeper identity theft, open new accounts in your name, or bypass security questions.

This is where services like PrivacyOn become essential. PrivacyOn removes your personal information from 100+ data broker sites and continuously monitors for reappearances. By reducing the amount of personal data available about you online, you make it significantly harder for criminals to escalate stolen card data into full-blown identity theft.

Card skimming is a persistent, evolving threat — but it is also one of the most preventable forms of financial fraud. A few seconds of inspection before every transaction, a shift to contactless payments, and proactive monitoring of your accounts and personal data exposure can keep your financial life secure.