Can you spot a card skimmer?

I can’t. Not always, anyway. Take a look at all the clever ways scammers skim ATM cards and PINs.

If you’ve seen one of those semi-transluscent, green card slots with an image of a padlock on it, you know that banks are aware of the problem and are doing something to prevent it. Still, it seems like banks and other ATM owners could be doing more to let their customers know, at each ATM machine, how to avoid getting suckered by a skimmer. A picture of an unsullied model on the side of every ATM would be a big help. That way, you could compare the real-life model you’re looking at with the image, and hopefully you would notice any material discrepancies. I suppose evil-doers could simply replace the image with their own, but at least their jobs would be made more difficult for having to take that step. And it would provide ATM users with one more chance to notice a sloppy installation of an add-on to the machine.

Another option is a bit more high-tech, and would involve the ATM flashing a number on the screen that should match a number being displayed on the lip of the ATM card slot. This could be hacked, of course, but it would require gaining access to the ATM’s guts. Anything that increases the cost to would-be thieves in time and technical know-how is a good thing.

Anyhow, in the event that banks and other ATM owners do not put in a lot more effort than they currently do to stop this problem, what should you, the average ATM user, do?

Tips for avoiding ATM skimmers

I wish I could give some really solid advice here, but there are no foolproof methods. Here are the things I do to avoid card skimmers:

  1. Try to use ATMs inside banks, where it’s less likely that someone will install a skimming device.
  2. Quickly look at the parts of the ATM. If you see cheap looking components that seem like they could come off with a slight tug, beware.
  3. Cover the keypad with your non-typing hand as you punch in your PIN. Scammers need the information on the magnetic strip of your card and your password to gain access to your bank account. If you deprive them of your password, they’ve only got half of the information they need. Watch out for fake keypads placed over the real keypad, though, since this can allow scammers to get your password no matter how well you cover up when you key it in.

Read more about fraud,offline security

Internet crime: 2001 to 2007

Since 2001, the Internet Crime Complaint Center (IC3), a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, has been publishing annual reports on internet crime. I found some interesting tidbits inside.

Most of the complaints submitted to the IC3 are from the United States, but they apparently get a few from Canada, the UK, India, Mexico, and Australia, too. As the graph below shows, the number of complaints rose steadily from the IC3’s inception to 2004, but has since levelled off.

Graph of number of complaints to IC3 between 2001 and 2007

Keep in mind that the numbers above are not necessarily representative of the number of internet crimes that occur in the United States; the IC3 reckons that enforcement agencies learn of just one in seven incidents of fraud.

The trend from year to year may be a more useful measure of how prevalent internet crimes are, but the first year or two (when the IC3 was relatively unknown and complainants would not know to call them) probably makes the rise in crime in the early 2000s look more dramatic than it was.

Typical Losses

Suppose you find yourself calling the IC3 hotline some day — what amount would you likely be calling to report stolen? To get an idea of what is typical, we need to know what the median loss is.

The median is particularly useful for discussing how most people are affected by internet fraud because the measure isn’t skewed by a small number of extreme cases. The IC3 says that the median loss across all types of internet crime in 2007 was $680*, although the amount varied widely depending on the caper.

Graph of median loss across categories of internet crime

The upshot is that check fraud, Nigerian letter fraud (which I’ve written about before), and confidence fraud tend to sting their victims for big sums, but they are also rare. They account for about 14% of the reported total, while lower value crimes like auction fraud, non-delivery of merchandise, and credit/debit card fraud make up nearly 70%.

Inegalitarianism of fraud

Since the IC3 began tracking both statistics in 2004, men have made more complaints and reported larger losses than women. That’s interesting, but I wonder why.

Graph of male complaints and losses as a percentage of female complaints and losses

Are men more gullible than women when it comes to internet fraud? That could very well be true. There are other possibilities, too. Perhaps men don’t bother reporting small frauds or women are too embarrassed to report large frauds. Or perhaps men regularly engage in larger internet transactions, inevitably losing larger amounts when deals goes bad.

Each of these scenarios could provide data like what we see in the graph above, but there’s nothing in the IC3 reports that would help us distinguish between them. Feel free to contribute your preferred narrative in the comments!

*All amounts in USD.

Read more about fraud