What is Shimming in Cyber Security?

Shimming in Cyber security

Shimming is a process of putting a small paper-sized device called “Shim” on credit cards to steal user’s credit card details and use it by thieves for their own monetary benefits.

From 2019 to 2020, the number of credit-card frauds reports increased by 44.6%, according to statistics. Shimming is an updated version of skimming & people should be alert from these attacks.

In this guide, we will discuss what shimming is in cyber security, how it affects and the best ways to prevent shimming. 

📌 Table of Contents

What is Shimming in Cyber security?

Shimming in Cyber security is a method that can be utilized to sidestep security. The attacker might venture down into gadget drivers and control them in manners that sabotage security.

The shimming assaults are banking security that targets Europay, MasterCard, and Visa chip cardholders. A “Shim”is a gadget set inside the ATMs or pump to block card perusers. 

However, without rigid security highlights and start-to-finish encryption, fraudsters can, in any case, catch applicable card information during any EMV exchange – an arising sort of assault known as shimming.

Sniffers are programming projects or equipment types that permit the client to Sniff or screen web traffic, progressively catching every one of the information streams.

📌 Related guides

How do Shimmers in Network safety work?

In 2020, the number of credit-card frauds reported was 459,297 and 34% of users lost their money in this attack, according to the Federaltradecommission. The shimmer attack mostly happens in ATMs or Pumps to those who are credit-card holders. Thieves follow a step-by-step process to make a shimming attack. Here’s the step-by-step process of Shimming:

Step 1. Thieves Used a Chip called “Shim”

To do Shimming, thieves used a small paper-sized chip with a microprocessor and flash memory inside it. This chip is used to capture credit card details. 

Step 2. Placed a Chip on ATM or User’s Card

They placed this chip on the user’s credit card or ATM to collect their credit card information without being easily recognized. 

Step 3. Hide the Chip

Then, they place a plastic cover on the ATM keypad, which is used to steal PIN information without suspicion by users. Users enter this info on the screen as they do.

Step 4. Steal the Cards Details

It is placed on the entry point of the card area, which records the information on the magnetic stripe.

Step 5. Misuse by thieves for Own Benefits

There’s a device with multiple cameras near the ATM to record the user’s credit card information on the machine’s keypad and use thieves for their own monetary benefits.

What is the Difference between Skimming and Shimming?

Skimmers and Shimmers are small gadgets that thieves use in ATMs, service station pumps, stopping installment machines, and different spots where individuals swipe credit cards or charge cards.

Skimmers are more seasoned than shimmer and logically more normal. These gadgets fit over the genuine card peruser and capability similarly – stealing data from users card’s magnetic stripe when a user swipes the card through the peruser. 

However, unlike a genuine card peruser, the skimmer or shimmer channels the card data to criminals. With this data, those lawbreakers can clone the card they examined.

Many people are confused between Shimmer or Skimmer and want to know the real differences.

Let’s find out the key differences between Shimmer and Skimmer:

ShimmerSkimmer
Shimmers are like skimmers yet fit into the chip peruser of a Mastercard terminal, between the actual terminal and a client’s charge card.Skimming happens when gadgets unlawfully introduced on ATMs, retail location (POS) terminals, or fuel pumps catch information or record cardholders’ PINs. Criminals utilize the information to make counterfeit charges or Visas and afterward take from casualties’ records.
The chip information that shimmer gathers from cards is offloaded to criminals remotely through a little radio module incorporated into the gadget.Skimmer hijacks the card understanding interaction and sends the caught information to the programmer, who can then involve the subtleties for their utilization. Since skimming gadgets are tiny, the casualties rarely at any point notice them.
Before chip-empowered cards, skimming was a technique for fraud that would peruse a card’s attractive stripe.Shimming is generally a similar idea to skimming, yet rather than perusing the stripe, skimmers read the data in the card’s chip.
Credit card “shimming” is a generally new way for tricksters to take your data. The programmers embed a little, paper-slim gadget into a Mastercard chip per user so that when your card is embedded, it peruses the information on your card and stores it for their utilization.Skimming” is one of the principal issues in data fraud with check cards. Programmers will put a practically imperceptible cover over card openings and sweep your data. The charge card can then be gotten to by any of the tricksters with your card data.

What is Anti Shimming?

Anti-shimming implies how one can safeguard from fraudsters during the most common way of shimming i.e.,  embed a “shim” into the card peruser that permits them to duplicate the chip-card data. Presently, they can’t utilize that data to make another chip card.

The Technology that is used for Anti-Shim innovation is another lock gathering where the hook has a little profile that doesn’t overhang the shackle, so there is no objective for the shim device to hit.

The Shimmer is eliminated from the ATM or card perusers to recover the taken information. The taken data is then sold on the Web or used to clone the magnetic strip cards.

Shims can likewise be utilized for running projects on various programming stages than they were created for.

This procedure can sidestep security controls and get close enough to delicate information or frameworks.

Three Steps to prevent shimming assaults are:

Step 1. Guarantee that the cards are encoded involving different confirmation values for magnetic stripe cards and EMV chip cards. It is urgent to guarantee that the integrated card validation code (ICVC) of the EMV chip is not the same as the CVV on the magnetic stripe card.

This will ensure that assuming that the EMV chip card information gets taken, the assailants can’t utilize it to make a copy attractive stripe card.

Step 2. Refreshing the equipment and the product of ATMs prevents the bank, card backers, or clients from being the survivors of shimming assaults.

Step 3. To recover the information taken from EMV chip cards, the assailants need to eliminate the shimmer gadgets from the ATM or the card perusers. The card backers or bank authorities can often overview and check for unnoticed instruments.

📌 Further reading on cyber security

Final Words

One can keep from shimming by never imparting data to anybody and covering the keypad while entering it at the checkout or at an ATM to protect it from hidden cameras and others holding up in line. Use ATMs inside bank vestibules.

Whenever the situation allows, use ATMs housed inside a bank, or in the vicinity of a bank, for an additional layer of security. We hope this article helps you to be aware of the shimming attacks and the best ways to prevent this attack.