Shoulder surfing is a practice that involves the observation of an individual and the collection of information without the knowledge or consent of the individual who is being observed. The name for this process refers to the practice of looking over the shoulder of another person in order to ascertain what he or she is doing. In spite of the name, individuals engaged in the act of shoulder surfing do not necessarily have to be physically close by or actually looking over the shoulder of another person in order to secretly collect information.
In most situations, shoulder surfing refers to an activity connected with securing proprietary information that the observer can later use for his or her own benefit. For example, a scam artist may stand in the ideal location to observe an individual as he or she enters a personal identification number (PIN) into an ATM machine. By observing the series of keystrokes, the thief can determine the code sequence and note it for future use. Assuming the thief can later get access to the debit card associated with that PIN, he or she will be able to withdraw funds from the attached account at will.
In crowded checkout lines, shoulder surfing may also be employed as a means of quickly reading account numbers and capturing PIN codes for later use. The advent of small cameras that can be operated without notice may actually create a visual record of a transaction. At a later time, that video can be used to identify the necessary financial information and allow thieves to utilize the data to make unauthorized purchases online.
An electronic version of shoulder surfing makes it possible to capture keystrokes as shoppers enter financial data as a means of making an online purchase. Malicious software that breaks through the web site’s security protocols captures each keystroke made by the shopper, then records it for future use. The end result is unauthorized use of debit and credit cards to make purchases that the owner of the account knows nothing about until either the card statement arrives or the card issuer notices something unusual and places a hold on further purchases, pending an investigation.
With the increasing use of debit and credit cards instead of cash or checks, the opportunity to become a victim of shoulder surfing is greater than ever. Some merchants have taken steps to provide shielding on card terminals to make it harder for others to read card information or see what keys are pressed by the end user. Many merchants will also encourage shoppers to position the upper body at an angle that inhibits the view of anyone standing nearby, making it harder for anyone to see exactly what data the shopper is entering into the point of service (POS) terminal.