Security
How can card readers combat skimming?
In order to stop skimming operations, ATM operators and banks should consider embracing advanced security controls or features that prevent skimming on the card readers.
November 21, 2025 by Bradley Cooper — Editor, ATM Marketplace & Food Truck Operator
Card readers are a critical component in ATMs. Despite the rise of contactless and mobile withdrawals, many customers still rely on card readers to pay for goods at POS or interact with an ATM. Old habits do die hard and criminals are happy to exploit card readers to steal data.
Despite advancements in card reader security, skimming still costs banks and consumers more than $1 billion annually, according to data from the FBI.
In order to stop these skimming operations, ATM operators and banks should consider embracing advanced security controls or features that prevent skimming.
How have card readers changed?
Toshiyuki Kobayashi, VP of Nidec Instruments Corp. said in a video call that card readers have changed significantly over the years.
"Originally it was just a magnetic stripe reader," he said. Later on, Nidec added a dip insertion reader along with EMV issued motor card applications in the 1990s.
Jodi Neiding, VP of Americans banking portfolio at Diebold Nixdorf echoed this sentiment.
"Card readers have evolved from simple data readers into intelligent, secure access points. We've seen advances like EMV (Europay, Mastercard and Visa) and contactless integration, stronger encryption and new mechanical designs such as Diebold Nixdorf's ActivEdge card reader. It features a unique long-edge insertion and an encrypted moving head to prevent traditional skimming methods," Neiding said in an email interview.
How has skimming changed?
Kobayashi said that the original skimmers were fairly simple devices, such as an overlay. This fake skimmer was placed, "in front of the card reader gate, which contains a little magnetic head to steal the magnetic data," he said.
"That's the original skimmer. It's still available in the market." He added that some newer skimmers place it inside the card reader in what's called a parasite skimmer. This moves the skimmer "from external to internal."
Neiding agreed, stating that criminals are ditching more "visible overlays" for "deep-insert and internal skimming devices."
He added that wireless and Bluetooth technologies have also enabled scammers to more effectively steal customer's card data.
"Advancements in battery technology and smaller components have enabled these changes. The use of wireless and Bluetooth technology allows criminals to transmit stolen information to a nearby device, eliminating the need to physically retrieve the skimmer," Neiding said.
The FBI adds that criminals will also use other devices alongside skimmers to steal customer's PIN numbers. These include tiny pinhole cameras placed right on the ATM or keylogging keypads which "record a customer's keystrokes."
The company Memcyco adds that card skimming can also occur on the software side through malware or wireless man-in the middle attacks.
"Cybercriminals with enough skill and access to targeted financial systems can deploy malware onto ATM and POS systems to capture credit card information upon transaction. This type of malware often uses sophisticated methods to capture the data before it can be encrypted, such as RAM scraping malware. Attacks of this type can be tough to detect, and have been plaguing financial institutions and vendors since as early as 2008," a Memcyco blog post stated.
With man-in-the-middle attacks, the criminal uses malware or a black box to disrupt communication between the ATM and the host.
"Once the bad actors are between the ATM and the Host they can intercept approval requests sent to the host, prevent them from reaching the host, and provide a counterfeit approval message, allowing the fraudulent transaction to dispense cash. Then a cash harvest is performed, draining the ATM," Michael Strange, director of technology services at Cook Solutions Group said in an article.
Can skimming be prevented?
The simple answer is yes, but it depends on a lot of factors. One is to utilize contactless readers or make sure to integrate EMV chips. EMV chips can make traditional external skimmers obsolete, but internal skimmers can still steal EMV data.
As a result, Neiding argues that banks and consumers need to consider a variety of safety plans. For example, Neiding states it is also key to, "avoid fallback transactions that depend on magnetic stripe data, which can be cloned."
In addition, banks should consider, "digital wallets that use tokenization and biometric authentication for improved security," and providing "secure card readers such as DN's ActivEdge card reader, that offer multiple security layers and conduct regular inspections of all ATMs, along with real-time monitoring to detect any suspicious activity."
Neiding added that the ActiveEdge card reader, "features long-edge insertion, an encrypted moving read head and a robust anti-tampering design. It's built to stop both external and internal skimming while delivering a smooth user experience. Our traditional short-edge card readers come with different levels of security, with Security Pack 3 offering top-tier layered protection, multi-signal jamming, and advanced encryption, and are available in both dip and motorized configurations."
For relay fraud attacks, Diebold Nixdorf is also working on an EMV Relay Attack Mode feature that "monitors chip communication timing, compares chip and magnetic stripe data and can automatically abort or retain fraudulent cards. This enhancement strengthens the overall ecosystem of card reader protection by extending security beyond the reader itself to safeguard the entire EMV transaction process," Neiding said.
Nidec also provides several card readers designed to help prevent both skimming and data breaches. For example, one of its most recent card readers tokenizes the card number so there is less risk of the data being stolen in a data breach.
On the customer side, Neiding emphasized the importance of education so that they know to check out the ATM prior to use for any signs of tampering. "They should cover their PIN while entering it, use ATMs located in well-lit, busy areas, opt for contactless payments when possible, regularly monitor their accounts for any unauthorized transactions and report any suspicious activities."
About Bradley Cooper
Included In This Story
Diebold Nixdorf
As a global technology leader and innovative services provider, Diebold Nixdorf delivers the solutions that enable financial institutions to improve efficiencies, protect assets and better serve consumers.
