With about 82% of U.S. adults owning credit cards in 2022, credit card fraud has drawn the attention of many cybercriminals. According to the 2023 Security.org Credit Card Fraud Report, 65% of credit card holders—about 151 million Americans—have been fraud victims at some point. Among the methods the fraudsters commonly use are credit card scanning, skimming, and shimming.

In this article, we’ll explore how fraudsters can scan your credit cards, access your logins, and complete unauthorized purchases. We'll also answer the following questions:

• What is credit card scanning? 
• What is the difference between credit card scanning, skimming, and shimming?
• What happens when my credit card gets scanned or skimmed?
• How to protect my credit card from being scanned?

What Is Credit Card Scanning?

To understand how credit card scanning works, you should know the structure of a typical credit card. At the most basic level, a credit card is a piece of plastic that contains the card's information and a way of transmitting it. 

Some information is printed on the card so that you can read it. Not long ago, most payment cards had a magnetic stripe that held your sensitive data, which could be decoded by a card reader. While some cards still have the stripe, most cards today have chips that also hold the information but transmit it in a safer way—they tokenize the data for each transaction, so your credentials aren't transmitted directly. 

Some cards can also use Radio Frequency Identification (RFID) technology to communicate with the reader. This technology allows you to pay without swiping your card or inserting it into a reader. For this to work, the card must be extremely close to the reader because it relies on the reader's electromagnetic field for power. 

While banks often encrypt the data on their credit cards' chips and deploy several measures to prevent breaches, hackers keep devising new ways to access cardholders' data, such as scanning, skimming, and shimming.

Credit Card Scanning vs. Skimming and Shimming

Credit card scanning, skimming, and shimming are often used interchangeably, but the three techniques have some notable differences: 

While all three illegal activities involve stealing card credentials to complete fraudulent transactions, credit card skimming and shimming are more sophisticated than scanning. They require finding locations with gaps in surveillance coverage and involve complicated methods of device installation. 

The Rise of E-Skimming

While you may not be using magnetic stripes and chips for online shopping, hackers have found ways to "scan" your card details even online, and it's called e-skimming. 

E-skimming involves inserting a credential-stealing code into a popular e-commerce website. If the fraudsters succeed at doing so, they will gain access to all the information you provide to the store at checkout.

What Happens When My Credit Card Gets Scanned?

Once a fraudster has accessed your credit card details, they can use this information to:

• Commit card-not-present frauds—This type of fraud involves using stolen credit card information to complete fraudulent online or in-store purchases.
• Steal your identity—Cybercriminals can also use your credit card details to create false accounts or apply for online loans.
• Create duplicate cards—Sometimes, hackers can copy your account details onto counterfeit credit cards for in-store purchases.
• Sell it—There are markets for illicit goods and services on the Dark Web, and many of them sell stolen credit card information. 

There are some consumer protections designed to make it easier for victims to recover—the Fair Credit Billing Act (FCBA) being the most notable. The Act limits your liability in case of credit card fraud to $50. Many card issuers have $0 liability policies, too, meaning that you're not liable at all if your card details get stolen. However, you will likely suffer from some disruption in your daily life, especially if the fraudster's activities damage your credit score and you don't catch it on time. 

For these reasons, you should notify your card issuer as soon as you notice something wrong with your card. Waiting for too long can make resolving the issue a lot more difficult and time-consuming.  

How To Protect Credit Cards From Being Scanned

The first step in protecting your credit card from being scanned is to know there's a possibility of such fraud. You can employ several strategies to make scanning your card less likely to happen:

• Buying an RFID wallet or a card sleeve to block RFID transmissions from cybercriminals' card readers
• Using payment terminals with adequate security monitoring, preferably those in public view or close to cashiers and bank tellers
• Paying inside or in the view of a cashier if you're unsure about the security of a payment terminal
• Leaving your card at home and carrying cash when visiting crowded areas or tourist attraction sites
• Activating transaction alerts to spot and flag unauthorized account activity as early as possible

How To Protect Your Credit Cards From Skimming and Shimming

A great way to protect your credit card from skimmers and shimmers is to look for signs of tampering. Credit card skimmers and shimmers are generally difficult to spot. However, with a bit of extra caution, you can notice the following five signs:

1. Convex card readers—When hackers place skimmers over readers, they often create a convex shape (curve outwards).
2. Damaged card readers—Check if the device is loose or damaged or if any part is misaligned or out of place.
3. ATM keypads with moving edges—Try to wiggle the machine's keypad to check if it has moving parts or if the numbers feel thick and hard to press.
4. Different terminal shape or look—Does it feel different from the terminals you regularly use? If anything feels odd, do not insert your credit card.
5. Damaged gas pump security seals—Gas pumps often have stickers on the dispensers to show they've not been opened or compromised. If the sticker is torn or missing, it may not be a good idea to use that pump.
   ‍

Regarding e-skimming, you can protect your sensitive information by using virtual cards to mask your account information during online purchases. If you opt for independent card providers such as Privacy, you'll also benefit from additional security and convenience features.

Introducing Privacy Virtual Cards—Shop Online With Confidence

While the general perception may be that credit cards offer better protection against fraud due to their liability rules, debit cards also have consumer protection rules. A perfect example is the Electronic Funds Transfer Act (EFTA), which limits consumer liability to $50 for unauthorized payments reported within 48 hours. 

Using debit cards also allows you to take your protection a step higher by connecting them to Privacy Cards. Privacy Virtual Cards mask your actual account details at checkout by replacing your card details with randomly generated card numbers, reducing the chances of hackers obtaining your payment card information.

Privacy is BBB^®-accredited and uses multiple security measures to safeguard user data, such as:

• Complying with Payment Card Industry Data Security Standard (PCI-DSS)
• Integrating with 1Password to enable users to manage strong, unique passwords
• Using private single-tenant data storage networks to eliminate the risk of shared databases
• Placing data storage networks in three separate locations to prevent a possible attack on all of them at once

Types of Privacy Virtual Cards

Privacy users can create either Single-Use or Merchant-Locked Cards:

Both card types allow users to set spending limits and pause and close cards at any time to reduce the risk of unauthorized payments—all without affecting the funding source. 

You can also manage your cards on the go via Android and iOS apps and install the Privacy Browser Extension, which is available for Safari, Chrome, Safari for iOS, Firefox, and Edge. The extension allows you to autofill card info at checkout, so you don't have to memorize card details when shopping online. 

How To Apply for Your Privacy Cards

Privacy allows its users to create virtual cards in four simple steps:

1. Sign up
2. Enter the details needed to verify your identity
3. Add a funding source (bank account or debit card)
4. Request Privacy Virtual Cards
   ‍

Privacy offers three plans with access to different features:

Privacy Virtual Cards are accessible to U.S. residents over 18 years old with checking accounts at a U.S. bank or credit union. You can use it at most merchants and websites that accept U.S. Visa® and Mastercard®.

‍