In advance of the holiday shopping season, consumers throughout the United States are being warned of the prevalence of eSkimmers, a new breed of software hackers that infiltrate a shopping website and use malware to steal credit card or debit card information as the consumer enters it at point-of-sale. “At this time of the year, it’s more important than ever that consumers protect themselves against this threat,” said Monica Eaton-Cardone, a nationally known expert in risk reduction, revenue retention and merchant mediation. “Fraudsters have gone well beyond using skimming devices at ATMs and stealing boxes off porches. They’ve graduated to sophisticated methods to skim code on e-commerce web pages and capture information such as your name, date of birth, account numbers, passwords and more.”
Experts warn that unlike other, cruder versions of cyber-crime, eSkimming is all but undetectable at the time that it occurs. To the end user, it appears that the transaction has completed without incident, and he or she has no way of knowing the extent of the theft, which involves not the loss of merchandise–as is the case when a “Porch Pirate” steals a box from a front porch–but of information, which is much more valuable. In most cases the consumer will even receive the product they ordered. Experts say the stealth nature of the theft is evidence of a deep familiarity with the payment processes of the sites that are hacked.
Companies that have reported the appearance of malicious payment codes of the type used in a common form of eSkimming include the online store for the National Baseball Hall of Fame, British Airways and Ticketmaster. Additionally, security was breached at some 6,500 online stores via code that researchers named “Magecart Attack,” which, when embedded in a web page, scans for numbers and letters entered into fields on the page by the consumer. This includes credit card numbers, security codes, expiration dates and other pieces of personal information.
According to the FBI, which investigates reports of eSkimming and other cyber-crime, most eSkimming operations are based in Eastern Europe. Some operators sell the personal data on the dark web, while others use the information to fraudulently purchase and then sell merchandise at a profit. In most cases the deception isn’t detected until well after the fact, making remediation more difficult.
While the FBI recommends that companies take steps to prevent eSkimming–such as updating and patching all systems with the latest security, including anti-virus/anti-malware software to keep firewalls strong–consumers must be vigilant as well.
“There are a number of steps consumers can and should take to protect themselves,” Eaton-Cardone said, beyond using secure passwords and never clicking on links in emails sent by unknown sources. These include not using a debit card to make online purchases, shopping on well-known, reputable sites, using two-factor identification on all devices and using single-use or “virtual” credit cards.
“The most critical action consumers must take is to monitor their credit card and bank statements frequently and very closely for any strange purchases or activity,” said Eaton-Cardone. “And if they find anything they don’t recognize they should immediately contact the vendor.”
Eaton-Cardone also recommends that consumers activate transaction alerts on all credit cards as a way to catch fraudulent activity early.