Credit cards have come a long way to become more secure by adding chips and biometric security measures. However, identity thieves seem to be moving at the same pace when it comes to learning how to steal data.

“Recent figures suggest that over 80 percent of credit cards currently in people’s wallets have already been compromised,” said Markus Bergthaler, former director of programs and marketing for the non-profit Merchant Risk Council, which offers a host of resources on how to curtail fraud.

We’re all familiar with credit card readers. They are devices that allow us to swipe, tap or insert our credit cards for fast, convenient payment. And who hasn’t stopped at an ATM to take out cash or to check a bank balance? But it’s important to be careful where you put your card so that you’re not falling prey to a card skimmer.

What is a card skimmer?

A card skimmer is a device attached to a card reader, often ATMs or gas station pumps, to “skim” information about your credit or debit card. It may contain a stealth camera that records your pin as you enter it. Or, in the case of most gas pump skimmers, it may contain a data collecting device that stores and transmits your card data to an identity thief. More high tech thieves might even 3D print a new keypad for a machine to use for recording pin numbers. Card skimmers usually blend into the original hardware of the machines they are attached to, so they can be difficult to spot.

How to spot a credit card skimmer

While a card skimmer is meant to blend into the background, there are some things you can do to spot them.

A visual inspection

When doing a visual inspection for a card skimmer, there are certain key things you want to check. For starters, have a look at the actual card reader. Does it look like it normally does, or is it a bit askew or off-center? People installing a card skimmer will often have to open parts of an ATM or a fuel pump to insert the skimming device. This can cause a seal on a fuel pump to break or a card reader to bulge out a bit more than usual. They may also have to remove certain security tapes with serial numbers to insert a skimmer. Check to see if these look like they’ve been tampered with. Another good thing to eye check is the keypad. Does it look authentic? And lastly, have a look inside the mouth of the card reader itself. If it looks like anything is inside the reader, it’s best not to use it.

A physical inspection

Using your hands to feel around a card reader before you insert your card is also a good idea. Sometimes thieves will simply attach a skimmer to an existing card reader. According to Lt. John Faine, former criminal investigations section commander in Warren County Sheriff’s Office, some victims of a card skimmer remembered “a weird feeling, like the slot had been tampered with.” He went on to say, “It wasn’t noticeable when it happened, but after the fact, they said, ‘You know what, it did feel like something was off when I put my card in.’” Give the card reader a wiggle before you insert your card. If the reader feels loose or strange, don’t use it.

Use supportive tech

Our eyes and hands are great tools to help us identify skimmers, but it’s easy enough to miss something. That’s where supportive tech comes in to help. For starters, there are a variety of cellphone apps that have been developed to identify skimmers. For example, Bluetana was developed to identify the Bluetooth signature of credit card skimmers. If you prefer something more like a physical tool, there is the newly developed Skim Reaper. It looks just like a credit card, but is actually a tool that can identify skimmers. You simply insert it into a card reader and it can tell you if there is a skimmer present.

How to keep your card safe

Being able to identify a credit card skimmer is very helpful in making sure that your credit card data isn’t compromised. There are also other things you can do to make sure that your credit card purchases and ATM transactions are safe.

Use ATMs selectively

If you’re looking to use an ATM, be selective about the one you choose. Instead of simply using the closest machine, try to only use ATMs that are associated with actual banks. According to Michael Betron, senior director of product management at FICO, the majority of compromised machines in 2016 were non-bank ATMs. ATMs attached to banks usually have a higher level of security that includes cameras recording all interactions with the machine and bank staff monitoring the machine. There is also usually higher traffic at these machines, which means there is less opportunity for thieves to compromise the ATM. Whenever using any ATM, you should always make sure you cover the keypad when you enter your pin to keep that information secure.

NFC transactions

NFC stands for near-field communication. An NFC transaction allows two devices to communicate with each other when they’re in close proximity. NFC is the technology behind mobile phone payments. Because this kind of payment doesn’t require a card to be inserted, or a pin to be entered, it gives skimmers less access to your data. In order to make NFC payments, you will have to turn on the NFC function for your phone. Once that’s done, you can enroll for a digital wallet and get started.

Use a credit card not a debit card

If you do have to make a payment with a card, it’s often better to use a credit card than a debit card. Debit cards are directly linked to your bank account, meaning your hard-earned cash becomes vulnerable in the hands of a data thief. Credit cards, on the other hand, are linked to a line of credit. If you have a fraudulent transaction show up on a credit card, that is a bank’s money, not yours. You have the opportunity to contest fraudulent charges on your card and also benefit from your credit card’s zero liability policy.

Check your statements

When you do make purchases with your credit card, hold on to the receipts. When your monthly statement comes, check it against your receipts to make sure there aren’t any fraudulent charges. You can also check your account more regularly online through your issuer’s website. Regular account check-ins means that you’ll be able to report a compromised account sooner rather than later and prevent further fraudulent charges.