Consumers and retailers be on guard: there's a new and more devious way for fraudsters to steal your credit and debit card information.
"Shimmers" are the newest form of credit card skimmers, only smaller, more powerful and practically impossible to detect. And they're popping up all over the place, says RCMP Cpl. Michael McLaughlin, who sounded the alarm after four shimmers were extracted from checkout card readers at a Coquitlam, B.C., retailer.
"Something this sophisticated, this organized and multi-jurisdictional has all the classic hallmarks of organized crime," said McLaughlin.
Unlike skimmers, a shimmer — named for its slim profile — fits inside a card reader and can be installed quickly and unobtrusively by a criminal who slides it into the machine while pretending to make a purchase or withdrawal.
Once installed, the microchips on the shimmer record information from chip cards, including the PIN.
That information is later extracted when the criminal inserts a special card — also during a purchase or cash withdrawal — which downloads the data. The information is then used to make fake cards.
Fraud clue: sticky card
Shimmers have rendered the bigger and bulkier skimmers virtually obsolete, according to Const. Alex Bojic of the Coquitlam RCMP economic crime unit.
"You can't see a shimmer from the outside like the old skimmer version," Bojic said in a statement.
"Businesses and consumers should immediately report anything abnormal about the way their card is acting … especially if the card is sticking inside the machine."
McLaughlin said the Coquitlam retailer detected the shimmers through its newly introduced daily testing of point-of-sales terminals. A test card inserted into the machines kept on getting stuck and the shimmers were found when the terminals were opened.
"We want to get the word out," said McLaughlin. "Businesses really need to be checking for these kinds of devices and consumers need to be aware of them."
Bojic said using the tap function of a chip card is one way to avoid being "shimmed."
"It's actually very secure. Each tap transfers very limited banking information, which can't be used to clone your card," Bojic said.