Before I go into steps to protect yourself from card skimmers, it is important to understand the various protocols used in POS (point of sale) devices to read your credit/debit cards. There are 4 types and they are --- swipe (magnetic strip), chip (chip in card), tap (RFID) and smartphone (NFC). I won’t go into the details on each of these, but it is sufficient to be aware that there are multiple technologies involved in POS transactions. Now, here are different ways to prevent or at least lower your chances of becoming a victim of card skimming listed in the order of most effective to least effective.
- Use your 'smartphone' to pay (Google Pay, Apple Pay) wherever you can. How to get this setup is outside of the scope but it is very easy. This is the strongest protection you get today, and it is extremely difficult (if not impossible) for criminals to scam you. Most POS devices accept these today although if you live in US (lagging behind the world) it is not uncommon to see vendors using ancient devices that does not support smartphone pay.
- Use 'chip+pin' if your card and the POS device supports, this is the second-best way. If you live outside of US like Europe, even in India, you are golden because it is the standard for POS devices for many years and you are required to use pin to do transaction. Every time I was on a business trip to India, I always find myself arguing with waiter at restaurants “hey, I don’t have a pin” 😄. If you live in US, it sucks since chip+pin is not mandated for whatever reason.
- Use 'chip' if your card and the POS device supports. Most credit card/banks these days issue cards with chip but unfortunately in US, they also include the magnetic strip to cover the lazy ass vendors who still use archaic magnetic swipe. This pretty much negates the benefit of chip as scamming devices can still read your magnetic strip. So, if you live in US, what I’d recommend is to scratch the magstripe on purpose (I did that on all my cards). Use a sharp knife or steel wool to scratch the magstripe to a point it can’t work. Keep one card with magstripe in case the vendor says, “we don’t have chip reader you have to swipe”. Trust me these guys won’t change unless they are mandated by law to switch to modern POS at state/federal level.
- Use ‘tap’ if the POS device and your card supports it. If you see this symbol on the back of your card, then it is enabled for RFID. Again, US lags on this protocol as well. While this is the most convenient way to make purchase, there is a huge security hole in this method which enables most sophisticated attacks which I won’t go into detail but there are things you can do to avoid them i.e., use an RFID blocker (you can buy them at amazon for $2 a piece) and place it in your wallet/purse along with your credit/debit card equipped with this technology. I use these if you need a recommendation https://link.selvansoft.com/1307688f
- Use 'check' which of course has many problems of its own but it may be slightly better than the last one below.
- Lastly, if none of the above options available to you, you have no choice but to use magstripe/swipe. You might want to spend few seconds to look for signs of tampering on the POS device. See the picture at top of this blog for signs to look for. Obviously, you won’t have lot of time besides, you may annoy other customers behind you if you are spending too much time poking around the device 😄
Finally, you can and should setup text alerts when your card is charged even for a $1. Almost all bank/credit card institutions provide the feature to TXT. The only annoying thing is getting TXT for everything you do on your card, but it is better than being a victim.
My text alerts look like this (see screenshot below). Notice it says “card ending in xxxx was not present” that has multiple meaning but, in this case, it means these transactions are done without card i.e., done with google pay which I use everywhere it is accepted and it’s the most secure way today to pay at POS. Period.