Card-skimming devices continue to appear at gas pumps, ATMs and retail payment terminals across the United States, creating an important risk for people travelling and spending more during the summer.
Recent enforcement operations by the US Secret Service have uncovered illegal skimmers in multiple cities. In June 2026, agents participating in an operation in the New York area recovered 35 skimming devices. Earlier operations found devices in Texas, Alabama, Pennsylvania and other states. The agency says criminals install skimmers on ATMs, fuel pumps and point-of-sale terminals to capture payment-card information.
The Federal Trade Commission has also warned consumers about card skimming at gas pumps and recommends checking card readers for tampering, using credit rather than entering a debit-card PIN and monitoring accounts for unauthorized activity. The FTC’s widely circulated summer-travel warning was originally published in 2018, while the most recent nationwide enforcement alerts have come primarily from the Secret Service and local law-enforcement agencies.
What Is a Card Skimmer?
A skimmer is an illegal device placed over, inside or alongside a legitimate card reader.
When someone inserts or swipes a payment card, the device captures information stored on its magnetic stripe. Criminals can then use that information to create counterfeit cards, make unauthorized purchases or withdraw money from the victim’s account.
Some setups also include a hidden camera or a false keypad placed over the real one. These components record the personal identification number entered by the cardholder, allowing criminals to use the stolen card information at an ATM.
The FBI’s skimming guidance says the crime costs financial institutions and consumers more than $1 billion each year. Skimming equipment has been discovered on ATMs, gas pumps and ordinary point-of-sale terminals.
Recent Operations Show the Threat Remains Widespread
The Secret Service has carried out repeated skimming outreach and inspection operations during 2026.
During a January operation, agents and partner agencies inspected payment terminals and removed illegal devices capable of causing millions of dollars in potential losses. In its summary of nationwide activity, the Secret Service said skimming operations during the previous year had removed more than 400 illegal devices.
An April operation led by the agency’s Dallas field office recovered 13 skimmers. Another Pennsylvania operation involved inspections of 883 point-of-sale terminals, 775 gasoline pumps and 170 ATMs.
In May, Secret Service personnel inspected more than 3,000 payment terminals at hundreds of Houston-area businesses and reportedly recovered 14 skimming devices. Authorities estimated that removing those devices potentially prevented millions of dollars in fraud.
These operations do not prove that every ATM or gas pump is unsafe. They show that skimming remains an active, organized form of financial crime despite improvements in chip and contactless-payment technology.
Why Gas Pumps Are Common Targets
Gas stations give criminals several practical opportunities.
Many fuel pumps are located far from the cashier and may not be watched continuously. A thief can target a pump at the edge of the property, particularly during quiet hours, and may need only a brief period to install a device.
Some skimmers are attached externally over the real card reader. Others are installed inside the pump cabinet, making them extremely difficult for a customer to see.
Older pumps may also require customers to swipe the magnetic stripe rather than use a chip or contactless payment. Magnetic-stripe information is easier for traditional skimming equipment to capture and reuse.
The FTC advises customers to examine the pump cabinet and check whether its security seal appears broken, cut or marked “void.” It also recommends comparing the card reader with those on neighboring pumps and gently checking whether the reader moves before inserting a card.
ATMs Can Hide More Than One Device
ATM skimming schemes may involve several separate components.
A false reader can be placed over or inside the card slot. A hidden camera may be positioned above the keypad, inside a brochure holder or behind a small opening in a decorative panel.
Criminals can also install a thin false keypad directly over the genuine keys. The fake surface records each number while still pressing the real keypad underneath.
Because some devices are designed to match the ATM’s color and shape, they may not look obviously suspicious. A loose card slot, uneven keypad, unexpected adhesive, different material or component that does not match the rest of the machine can indicate tampering.
Using an ATM inside a bank or another controlled building generally reduces the opportunity for interference, although it cannot eliminate risk completely. Consumers should prefer machines located in well-lit, actively monitored areas.
Skimmers Are Becoming More Difficult to Detect
Older skimmers were often bulky attachments that could be identified by pulling on the card reader.
Modern devices can be much thinner. Some are inserted deep inside a terminal, while others replace part of the machine so cleanly that the customer sees no obvious external change.
Certain skimmers can transmit captured information wirelessly. Criminals may therefore obtain stolen data without returning to retrieve the physical device.
Shimmers are another concern. These very thin devices can be inserted inside a chip-card reader and may intercept information exchanged when a card is inserted.
Chip technology makes it more difficult to create a fully functional counterfeit chip card, but criminals may still obtain useful account information or use captured data in other forms of fraud. No single physical inspection can reliably identify every advanced device.
Tap-to-Pay Is Usually Safer Than Swiping
Contactless payments generally offer better protection against conventional skimmers because the physical card does not pass through a compromised magnetic-stripe reader.
A tap transaction also uses security technology that generates transaction-specific information rather than simply transmitting the same reusable magnetic-stripe data every time.
Mobile wallets such as Apple Pay and Google Wallet add another layer of protection by using a token instead of giving the merchant the actual card number.
Local police departments responding to recent skimmer discoveries have advised consumers to use tap-to-pay whenever it is available and avoid terminals that appear damaged or altered.
Contactless payment is not immune to every type of fraud. Fake websites, stolen phones, compromised accounts and manipulated terminals can create separate risks. However, tapping is usually preferable to swiping a magnetic stripe at an unattended pump.
Credit Cards Usually Offer Better Protection Than Debit Cards
A skimming loss can be more disruptive when a debit card is involved because unauthorized withdrawals may remove money directly from a checking account.
Even when a bank later returns the funds, the customer may temporarily lose access to money needed for rent, bills, food or other expenses.
Credit-card fraud normally affects the issuer’s line of credit rather than immediately draining the customer’s bank balance. Credit cards also commonly provide strong fraud-monitoring and dispute protections.
The FTC advises people using a debit card at a gas pump to process it as credit when possible rather than entering a PIN. This keeps the PIN from being captured and prevents the transaction from being processed as an immediate PIN-based debit purchase.
When practical, the safest choices are to use contactless payment, pay with a credit card or complete the transaction inside with the cashier.
Cover the Keypad Every Time
A consumer should cover the keypad with the other hand while entering a PIN.
This simple action can block the view of a hidden camera or a person standing nearby. It remains useful even when the ATM or pump appears normal.
Covering the keypad will not protect against a fake keypad that records physical presses. That is why it should be combined with checking whether the keypad looks raised, loose, unusually thick or different from surrounding machines.
Consumers should also be suspicious when a machine asks for information that is not normally required, such as a complete Social Security number or online-banking password.
Choose the Machine Carefully
At a gas station, a pump close to the entrance and visible to employees may be less attractive to criminals than one positioned at the edge of the property.
At a bank, an indoor ATM used during business hours is generally preferable to a standalone machine in a poorly lit or isolated location.
A machine should not be used when its card slot is loose, its security seal is broken or the keypad appears altered. The customer should notify the business without touching or removing the suspected device.
Criminals may place skimmers on several machines at the same location. Moving to the next pump is not always sufficient when multiple terminals show signs of tampering. Paying inside or leaving for another business may be safer.
Monitor Transactions Instead of Waiting for a Statement
Skimming victims frequently do not realize their information has been stolen until criminals begin using it.
Account alerts can provide much faster warning. Most banks and card issuers allow customers to receive an app notification, text message or email whenever a card is used or when a transaction exceeds a selected amount.
Even a very small unfamiliar charge deserves attention. Criminals sometimes test stolen card details with a low-value transaction before attempting a much larger purchase or withdrawal.
Customers should review pending transactions regularly during and after travel. Waiting for a monthly statement gives criminals more time to continue using the account.
The FTC says consumers who discover unauthorized activity should contact the bank or card issuer promptly because their potential liability can depend on how quickly the loss is reported.
What to Do After Suspected Skimming
A person who believes a card was used at a compromised machine should contact the card issuer through the phone number printed on the back of the card or displayed in the official banking app.
The issuer may freeze or cancel the card, issue a replacement and investigate any suspicious transactions.
A debit-card PIN should be changed immediately. Passwords should also be updated when there is any reason to believe online-banking credentials were exposed.
Victims should document the location and approximate time the machine was used. This can help the financial institution and law-enforcement agencies identify a pattern.
Suspected fraud can be reported through the FTC’s official ReportFraud service. A person whose identifying information has been misused can also use IdentityTheft.gov to create a recovery plan.
Watch for Follow-Up Scams
A skimming incident may expose a card number, but criminals can also use the event to launch additional scams.
A victim may receive a call or text claiming to come from the bank’s fraud department. The caller may already know part of the card number or details of a recent transaction, making the message appear credible.
A legitimate bank may contact a customer about fraud, but it should not ask for a complete password, account PIN or one-time security code.
Anyone receiving an unexpected fraud call should end the conversation and contact the bank directly using its official app, website or the phone number on the card.
Security codes sent by text should never be shared. A fraudster requesting that code may be attempting to add the stolen card to a digital wallet or take control of an online account.
The Main Safety Message
Card skimming remains a serious financial threat at gas pumps, ATMs and retail terminals.
The FTC’s established guidance remains useful, but the latest evidence of widespread activity comes from repeated 2026 Secret Service operations that have uncovered illegal devices across the country.
Consumers cannot detect every advanced skimmer by sight. They can still reduce their risk by choosing monitored machines, inspecting the terminal, covering the keypad, avoiding magnetic-stripe swipes and using contactless or credit-card payments whenever possible.
The final layer of protection is rapid detection. Transaction alerts and regular account checks can prevent one stolen card number from becoming a much larger financial loss.