Bank machine terminals, transportation ticketing terminals, access control terminals and point-of-sale terminals typically use a card reader to allow a holder of an identification card to authenticate to the terminal. The identification card may be configured as a smartcard, and the card reader may be configured as a contact-based smartcard reader that includes electrical contacts arranged to engage respective electrical contact pads on the smartcard when the smartcard is inserted into the card reader. The card reader may receive confidential data from the smartcard via the electrical contacts/pads, and may pass the received confidential card data to the terminal for further processing.
The direct physical contact between the smartcard and the contact-based card reader limits the likelihood of the card data being intercepted by an unscrupulous third party and used for nefarious purposes. However, data skimming devices, commonly referred to as “shimmers”, can be inserted into a contact-based card reader, and used to intercept and store the card data for subsequent retrieval by the third party.
Although card readers can detect when a smartcard is inserted in the card reader, shimmers are configured to prevent the card reader from detecting the presence of the shimmer, without interfering with the ability of the card reader to detect the presence of the smartcard and communicate with the card. Shimmers also have a very small physical profile and, therefore, are not easily viewed from outside the card reader.