How to Protect Your Credit Cards From ‘Web Skimming’ Scams
You’ve probably heard of skimming, a type of fraud in which criminals install physical devices that can capture your payment card details on ATMs, gas pumps and point-of-sale terminals. If you enter your debit or credit card into one of these fake card readers, your data is stored for later downloading or transmitted wirelessly in real time to a device controlled by fraudsters, who will use the information to steal your accounts.
Unfortunately, online shoppers are not immune to this ploy. Web skimming is a type of cyberattack that uses malicious code to steal card data during payment, and researchers have identified an ongoing campaign targeting major payment providers and, by extension, consumers.
Online Credit Card Skimming
Web skimming attacks, commonly referred to as “Magecart” campaigns, are launched when malicious JavaScript is injected into e-commerce websites and payment portals. When a payment page loads, the skimmer replaces it with a spoofed form that collects card numbers, expiration dates, card verification codes, and billing or shipping addresses – everything bad actors need to use your card for fraudulent purchases.
Fake payment forms use a legitimate-looking brand and style to minimize suspicion. Once payment information is passed to the attacker, the user receives an error message and is redirected to the real payment page, a flow designed to make you believe that you simply entered your information incorrectly.
Web skimmers are typically designed to avoid detection and can even self-destruct, making them difficult to identify, even for site administrators. They also use rock-solid hosting, which protects cyber actors from takedown requests and police action.
What do you think of it so far?
How to protect your payment card
Unfortunately, there is little consumers can do about the presence of web skimmers, but they can defend themselves against them. The red flags of an online shopping scam are also red flags for skimming: for example, too-good-to-be-true deals and discounts are indicators of a possible fraudulent supplier or malicious site, where you might be more likely to have your card details stolen. Purchasing from reputable suppliers will reduce (but not entirely eliminate) the risk. You should also be alert for any unusual steps during checkout, such as redirects or error messages, and abandon any suspicious transactions.
If you think your payment information may have been stolen, keep an eye on your bank and credit card statements for unauthorized activity and enable transaction alerts for real-time updates. Remember, credit cards offer more security protections than debit cards. You can also use virtual cards for online purchases, which helps keep your card details private and protects you from further fraud. (Note, however, that virtual cards have some drawbacks. For example, you may lose some protections offered by your primary card provider and have a harder time getting refunds.)
