Skip to main content

How to Mitigate Skimming Risks: A Guide for Financial Institutions


When you give your account holders a debit card, you become part of their day-to-day spending habits. Whether they know it or not, they are placing their trust – and their hard-earned money – in your hands. Unfortunately, fraudsters are eager to exploit this relationship, especially when it comes to debit card transactions.

Skimming ranks as one of the top trends in consumer financial data breaches1. This means your institution has to be on the forefront of knowledge in this area.

To help mitigate the risks of skimming, protect your cardholders and stay ahead of fraudsters, here's what you need to know.

What is Skimming?

Skimmers are small devices installed by fraudsters at public payment terminals where debit cards are used (most commonly, gas pumps and ATMs). Skimmers are designed to capture consumers’ card data in an undetectable way.

These locations are particularly vulnerable to this type of attack because of the ease of installing skimmers on them, particularly in secluded areas. Consumers who are in a hurry often forget to check the pump or ATM for skimmers, making them easy targets.

Fraudsters also continue to evolve their skimming devices. A consumer may not be aware that someone skimmed their card data until they check their account balance. Should you find you have cardholders with compromised data, there are definitive steps you can take to mitigate the fraud.

What to Do if You Suspect Skimming

One of the best way to defend against ATM skimmers is through internal procedures requiring your employees to continuously monitor your ATMs. When it comes to gas pump skimmers, the best way to defend against fraud is through cardholder education and awareness.

If your financial institution finds a skimming device installed on one of your ATMs, don't attempt to remove the device. Rather, contact local police immediately. Secure the video footage from the ATM and make duplicate copies so you can give a copy to law enforcement officials.

You should also contact the Secret Service office closest to where the event happened. You can find your local office here. Once those steps are complete, be sure to inspect the rest of your ATM fleet and assess the window of exposure (WOE) for the incident by examining your video footage.

If you’re able to determine that the source of skimming was a gas pump, contact local police to investigate. Once the skimming device is located, try to determine what terminal ID was being skimmed and the WOE.

When skimming occurs, the time between the card being skimmed and fraudulent transactions occurring is usually very short – much faster than the typical point-of-sale breach. So it’s very important that financial institutions react quickly to determine which of their cardholders used the same device, and what actions you need to take to best protect those cardholders.

The Trust Factor

In addition to these physical-mitigation actions, it's imperative that cardholders feel secure with their financial institution.

Over the past three years, PULSE's DebitProtect® program mitigated over $44 million in attempted debit fraud. A solution like DebitProtect can help financial institutions detect fraud attempts quickly and effectively, protecting cardholder data and avoiding broad reissue measures.

This means your debit cardholders' daily spending has an additional layer of security, as well as a team of dedicated fraud analysts whose sole purpose is to keep your cardholders and your financial institution safe.

If you're curious about how DebitProtect Authorization Blocking can benefit your financial institution and debit cardholders, reach out to PULSE and begin the conversation.


1 Top 4 Skimming Threats, Bank Info Security