NEWS

'Skimming' scams sting shoppers, diners

Tim Evans
tim.evans@indystar.com

He's a young college student, new to the "big city" life in Indianapolis and super cautious with his first credit card.

So the young man watched, probably more closely than most of us do, as the waitress walked away after picking up his bill and credit card at an Eastside restaurant.

And it's a good thing he did.

That vigilance saved him — and who knows how many others — what would surely have been a summer of financial and personal headaches. It also should be a lesson to us all.

As the waitress left his table, he saw her pause and pull something about the size of a deck of cards from her pocket. As he watched, she removed his credit card from the check holder and swiped it against the device from her pocket, then proceeded on to the cash register to ring up his bill.

The young man wasn't sure exactly what he had seen. But he suspected he had just become the victim of a crime. So he dialed 911.

When a police officer arrived and asked the waitress to empty her pockets, he discovered she had a credit card "skimmer" — an electronic tool used by criminals to collect and store the data embedded on the magnetic strips on the backs of our credit and debit cards.

If the young man, who didn't want his name used in this story, hadn't seen the waitress and reported her actions to police, his financial data and likely that of many other customers would have been compromised.

The waitress, Meirong Lin, is now facing a criminal charge of Unlawful Possession of a Card Skimming Device, a Level 6 felony. If convicted, she could be sentenced to up to 30 months in prison.

It may be the first time since the state's anti-skimmer law went on the books in 2006 that someone has been charged with that crime in Marion County. But that's only because most skimming — and it happens a lot — is not witnessed.

"It is a rare case in that the allegation is that the card skimmer was actively being used," explained Peg McLeish, a spokeswoman for the Marion County prosecutor.

While "skimming" may typically go unseen, it is a growing problem that costs Americans more than $1 billion a year, according to federal data. These one-off thefts are not nearly as dramatic and don't get the headlines that follow major data hacks at big businesses and corporations, but the crime can be just as devastating to individuals.

The theft of personal financial data is among our greatest fears when it comes to being victimized by crime — far ahead of being murdered, raped or mugged — and for good reason. Americans "are more likely to worry about having credit card information they used in stores stolen by computer hackers than any other crime they are asked about," according to a 2014 Gallup poll.

According to Gallup, 69 percent of those surveyed said they "frequently or occasionally worry about this happening to them." The poll also reveals the reason that fear ranks so high: A quarter of those surveyed had been the victims of credit card hacking through a store or business.

I don't know about you, but I fall into both groups.

Restaurants are among the places where we are most likely to be victimized, by some reports accounting for nearly 70 percent of skimming incidents. Think about it. There aren't many other places where we let our credit or debit cards out of our hands — or sight.

"You see this stuff more and more because it is one of the ways that these guys get credit card numbers," explains Michael Gregg, CEO of Superior Solutions Inc., a Houston-based cybersecurity firm.

Gregg says skimmers are relatively inexpensive and easy to get online.

It's not just restaurants that pose a threat. A recent FICO report revealed debit card data thefts from ATMs on bank property from January to April were up 174 percent from the same period in 2014. For non-bank ATMs, the rate jumped more than 300 percent.

Most of those breaches, Gregg says, are the result of skimmers designed to fit over and look like part of an ATM's legitimate card reader.

"You've got to be really, really careful about what kind of device you put your credit cards and debit cards in. If doesn't look right, pull on it, give it a closer look and if anything at all seems suspicious, don't use it," he warns.

"When they run your card through the skimmer, they have all your information."

And then the crooks are off, selling your card data or using it to make online purchases. Another common practice is to transfer your card data to another card, such as a prepaid or gift card. One report I saw while researching this story said the average charge run up on a skimmed card is about $2,000.

If your data is swiped from a credit card, your loss is generally capped at $50.

But if data was skimmed from a debit card, Gregg says your exposure could be significantly more. And if the skimmer also gets your PIN number, your bank account can be emptied — and you may have to wait weeks or months to get some or all of that money back.

Here's some advice, culled from sources I found on the web, on how to protect yourself and your card data:

•Monitor your credit card and bank statements closely and immediately report any signs of suspicious activity.

•Whenever possible, use a credit card, rather than a debit card, for purchases.

•If you use a debit card at a business, process it as a credit card (if possible), so you don't have to use your PIN.

•Check the card reader on ATMs and don't use them if anything looks odd or feels loose. ATMs inside bank buildings are generally less susceptible to skimming, but not immune (remember the FICO report I told you about).

•When entering your PIN, use your hand or body to block the view from cameras or people standing behind you.

•Don't let store or restaurant employees walk away or out of sight with your card.

•And, in a restaurant, whenever possible, pay at the cash register.

Tim Evans is The Star's consumer advocate. Call him at (317) 444-6204 and follow him on Twitter: @starwatchtim