Indonesia is a country based on the rule of law that adheres to Pancasila and the 1945 Constitution, guaranteeing equality before the law for all citizens. However, advances in information technology, particularly in the banking sector, have given rise to serious challenges, including digital crime, particularly the theft of personal data through skimming methods. Skimming is a cybercrime and information technology crime in which a customer's ATM card data is illegally duplicated using specialised tools. Perpetrators then use this stolen data to access and drain customer funds. This banking crime is closely related to the Electronic Information and Transactions Law (EIT Law), specifically Articles 30 and 31, which regulate illegal access and interception of electronic systems. This study adopts a normative juridical method with a literature review approach, examining various legal materials. The focus of the study is on the legal regulations governing criminal skimming technology in the national banking system. The study's results show that, although the ITE Law has become the legal basis for prosecuting skimming, there remain structural weaknesses. These weaknesses stem from a lack of clarity in the definition and scope of the offence, which ultimately creates difficulties in consistently and fairly enforcing the law. The protection of customers' personal data is emphasised in ITE Law, which makes it part of the right to privacy that banks must guarantee. Skimming perpetrators can be prosecuted under the criminal provisions of ITE Law or under Articles 362 and 363 of the Criminal Code (KUHP) on theft.