U.S. Secret Service Takes Down 55 Skimmers Scanning 3,251 Terminals in Three Days as Part of Operation Flagship

• The U.S. Secret Service removed 55 skimmers from New York City between May 21 and 23
• Authorities made thorough checks of 3,251 terminals and devices in the city
• The action was part of a campaign named Operation Flagship

The United States Secret Service discovered 55 skimming devices during a counter-fraud operation in New York. The three-day campaign was conducted in the city between May 21 and 23 as part of Operation Flagship.

The federal law enforcement agency surveilled 3,251 terminals and devices and successfully removed 55 skimming devices, which resulted in an estimated savings of $16.5 million.

Skimming is a form of financial fraud that involves reading payment data as punched during transactions. These transactions are not limited to ATMs but also include those made at gas pumps and point-of-sale terminals.

Physical card skimming devices are installed at payment terminals and are presented to appear like parts of card readers to unsuspecting customers. These devices can capture credit or debit card numbers, PINs, and the dates mentioned on the cards.

Skimmers installed at fuel pumps may escape the eye of customers as they are typically attached to the internal wiring of the payment device, an FBI report read. Skimmers can download the captured data and wirelessly transfer it to threat actors.

They steal credit and debit card numbers, expiration dates, and security codes at the point of transaction.

These devices are typically disguised to look like legitimate parts of card readers at ATMs, gas pumps, point-of-sale (POS) terminals, or other places where cards are swiped or inserted.

At retail stores, markets, or convenience stores, scammers stealthily install skimmers to capture sensitive card data from customers. “It only takes seconds to install a skimming device. Fraudsters may seek to distract store clerks—such as by requesting items from behind the counter—to accomplish this,” read an FBI report.

The details can be misused to create fake payment cards for purchases or to gain access to the victim's account. The data is further exploited by scammers to craft legitimate-looking emails and other communications to trick the target into disclosing more information under the pretext of KYC requests, or the like.