Credit card skimming has been a problem for many decades, but now a twist on the scam takes it online. E-skimming is a type of cyberattack that involves stealing credit card data and other personal information by infecting websites’ shopping carts with malware.
What are e-skimming cyberattacks?
A number of retailers and their customers have fallen victim to e-skimming. According to CNBC, American Outdoor Brands, Macy’s, Puma and Ticketmaster are just a few retailers that have had their shopping carts infected with e-skimming malware in a cyberattack.
E-skimming is a variation on traditional credit card skimming attacks, which require the hacker to have access to the credit card machine or gas pump they use to steal credit card information. This type of cyberattack takes the e-skimming scan a step further by enabling hackers to steal credit card information using malware rather than needing access to a credit card machine or gas pump.
This week authorities announced the first arrests in an e-skimming cyberattack. Interpol announced earlier this week that it arrested three people in Indonesia. The agency said the suspects compromised hundreds of shopping websites, stealing credit and debt card information and other personal information like names, phone numbers and addresses.
How it works
Experts warn that any retailer with a major online presence that accepts orders is at risk for e-skimming. Hackers can compromise retail websites in various ways, including breaking directly into the web server or breaking into a common server that supports numerous shopping websites and then compromising all the websites.
The FBI told CNBC that they’ve been concerned about e-skimming for almost seven years, but such cyberattacks are growing in severity. Cybercriminals are sharing the malware they use online, and such attacks are becoming more sophisticated.
Large companies generally have enough money to invest in resources to protect against e-skimming and other cyberattacks, but smaller retailers may not have the resources to do so. It’s unclear just how many websites have been compromised by such tactics, but officials say hackers have stolen information for millions of credit cards.
Authorities advise consumers to use credit cards instead of debit cards while shopping online because it can take a while to return money to a debit card in the event of fraud. Liability is often lower for credit card users as well. Some suggest virtual credit cards, which create a unique number to use for each transaction. If the number is stolen, future transactions will automatically be declined.
