With holiday shopping season coming up, law enforcement agencies caution shoppers to be aware of the digital theft known as “e-skimming.”
Cyber criminals skim customer payment data — which can include your name, date of birth, account numbers, passwords and location information — from website checkout forms, ATMs and even gasoline pumps, so be smart when sharing personal information on digital networks to reduce your risk of becoming a victim of cybercrime.
How e-skimming happens
According to the U.S. Department of Homeland Security, any business accepting online payments is at risk of an e-skimming attack. The capture of personally identifiable information happens when cybercriminals introduce malicious code into payment card-processing web pages or into a wide range of devices they surreptitious place in card-processing machines used in a seemingly endless array of venues, including restaurants, sports arenas and retail shops.
The malicious code injected into a web page or device typically captures credit card data in real time. The information is then sent to an Internet-connected server using a domain name controlled by the thief. Subsequently, the collected credit card information either is sold or used to make fraudulent purchases.
How to minimize the risk of being a victim of e-skimming
The FBI recommends taking precautionary measures to mitigate the threat of e-skimming attacks — but be forewarned: malicious skimmer code has varied widely in complexity, which makes it tough to identify a specific set of indicators that something could be wrong. The agency generally recommends that companies secure websites to prevent malicious code injection and that they use proper network segmentation and segregation to limit network exposure and minimize cyber criminals’ movement inside a network if they break in.
Other tips provided by the FBI:
- Use a virtual credit card.
These are temporary, dynamically generated numbers that can be used only once to allow a transaction. Software applications generate the new virtual number, or token, which is transmitted between your bank and a retailer to confirm that it’s all right for a transaction to proceed. Using a virtual card means you don’t have to divulge the information printed on your static credit card. Several major banks provide virtual credit card services, including Bank of America, Capital One and Citibank.
- Pay using a third party.
If you’re not using a separate credit card for online purchases, consider paying through a third-party processor, such as PayPal or Venmo, if the retailer’s site gives you that option. This helps ensure the retailer never see your personal information.
- Keep your technology updated — especially anti-virus software.
- Be cautious about gift cards. The tactics scammers use to steal credit card information are the same they use to steal gift card balances.
- Regularly monitor bank accounts.
- Track your credit report.
What to do if you think you have been a victim of e-skimming
- Consult with a code-savvy person to try to identify the source of the skimming code to determine the access point, such as network or third party. Also try to save a copy of the skimming script or malicious loader domain to report to law enforcement.
- Change pertinent credentials.
- File a detailed complaint at www.IC3.gov.
Disclaimer: The information provided is intended to increase security awareness and is not meant to be a complete discussion of cybersecurity. Cardan Capital Partners does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the vendors and do not necessarily represent the opinions of Cardan.