
CleanAxe comments on ELI5: How do people make/steal money using credit card skimmers?

September 8, 2016 at 21:26

copy/pasta:

Former Credit Card fraud investigator and current fraud consultant/strategist here. There are a few ways that people make money using skimmers (some of which are mentioned here) but some aren't. *Quick edit: the explanations about going to stores and just buying stuff are great - but they are not easy 'cash earners' for the fraudster. They can only buy so many items before the card is declined and then they have to worry about selling it all. The explanation below is how they earn just cold hard cash.

First and foremost, a credit card skimmer is just an easy way to collect a pool of credit card numbers. The pool will keep getting fresh new data as long as the skimmer is well placed/hidden (i.e. a gas station pump). Also, the magnetic strip on your credit card contains a ton of information including but not limited to the name on the card, the credit card number, and expiration. The first 6 digits of the card even identify where the card came from (such as bank, issuer, etc.).

Let's call the guy who made/placed the skimmer the "fraudster". The fraudster collects the credit card data that the skimmer has read and can do multiple things with it.

1) As mentioned, he/she can sell large swaths of these CC numbers online in auctions (usually anonymously on TOR). Since they know the first 6 digits, they can even bucket them into high value cards. For example, Amex cards typically have higher credit limits than a regular debit card. They might organize the Amex cards into one list and earn more on that list than they would from say, Bank of America debit cards.

2) Another thing they can do is transfer the stolen card info onto a new card (someone mentioned this) BUT it is actually not as common to do this onto an existing card with the scammer's on it. Instead, these scammers usually buy blank hotel keys in bulk (very easy to purchase, common item for hotels/motels). They now have 500 physical cards that they can transfer the stolen credit card info onto. Now these cards are just blank white plastic cards, so going to a store and using them is pointless and too risky. Instead, they sign up to get their own credit card machine. Some are pretty cheap or even free (such as PayPal Here or Square). They can pretend to be some store using fake information and then start physically swiping the cards with the stolen data. The advantage of physically swiping them is the transaction will appear to the processing company and bank/card issuer as done "in-person" since the card was swiped. These are seen as lower risk transactions since most fraud is committed via just "keyed-in transactions" (such as online purchases, over the phone purchases, etc.). The machine that reads the cards only reads the magnetic strip, so it doesn't recognize that these are just generic hotel keys or crappy plastic cards someone bought online. So to the machine/reader, and to the credit card company and the credit card processor, it is just a normal physically swiped transaction.

There are more nuances and ways this can get more lucrative but that's the basics of it. Luckily most cardholders are protected from this kind of fraud by their bank/card issuer. If you recognize bad transactions they will cancel the card, refund your money, and send you a new one. The bummer is the people who get hosed are the businesses that might unknowingly accept your stolen card information and sell something. When you get a refund from your bank after "disputing" a transaction - that money typically comes from the business it was used at, not the bank. So if a business is tricked into selling a $2,000 painting over the phone to a guy who gave them a stolen credit card number - that business is going to lose the painting and the money and there's nothing they can do about it since the responsibility to investigate was theirs (according to most processors).


and from UK: https://www.reddit.com/r/explainlikeimfive/comments/51qohb/eli5_how_do_people_makesteal_money_using_credit/d7e9lkg

Ex bank employee here.
The primary way (in the UK anyway) couples a skimmer with a small camera which films the keypad. The skimmer reads your card info and the camera films you entering your PIN.

They then put info from the skimmed card on any other strip card (loyalty cards, phone top up cards, gift cards etc) and use this to create a clone. When they have a big pile of cards they hit up the cash points withdrawing the maximum amount (£300 per day, or around $400) per card every day until you notice and cancel the card.

We had reports of people making £10-15,000 per day with this technique if they snagged enough cards, and this is why it's crazy important for you to hide your PIN number when you type it in even if there's nobody around. If they clone your card but don't have your PIN it's almost useless; if they have both, be prepared for a pain in the ass whirlwind of police reports, fraud claim forms and back-and-forth before you get it sorted.

EDIT: in case anyone was tempted, we also caught the vast majority of people doing this. ATMs are crazy-well defended with cameras, and are in highly monitored areas. Even if people put a mask on a few streets away we still had footage of them on the approach that was good enough to catch them.