E-skimming: The new never-ending war on online fraud

Names like Ticketmaster, Best Buy, Delta Airlines and the Atlanta Hawks might conjure images of fun and entertainment, but they all have something more unfortunate in common – all have been victims of digital fraud.

Like physical skimmers that criminals hide in compromised POS machines, gas pumps, and ATMs, digital card skimmers have been successful at stealing plastic card data from unwitting customers via the websites of the above-mentioned businesses. But those businesses are not alone. “E-skimmers,” as they are commonly known, have continuously ramped up in frequency, sophistication, and impact over the past several years, resulting in millions of dollars in losses for many well-known businesses and organizations.

How Does E-skimming Occur?
E-skimming occurs when hackers install malicious code in the checkout section of a merchant’s website. At a more granular level, they inject “scripts” into e-commerce websites that record the card data entered in payment forms. While the cardholder is completing their order and submitting their payment information, the malware siphons data such as the credit/debit card number, expiration date, CVV2/CVC2, name and address to a separate server. Hackers are also focusing on third-party vendors, as well as chat boxes used by online merchants, to commit more e-skimming crimes. But it doesn’t stop there. Adding to the ever-growing channels for fraud schemes, mobile devices are being used for fraud more than ever, while consumers are becoming more susceptible to social engineering attacks. The reason? Everyday tasks can serve as a distraction; they essentially hinder consumers’ ability to pay careful attention to any personal information that is being requested.
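
Because the skimmer arrives as a script on the checkout page, often through a third-party vendor or chat widget, a merchant can inventory which scripts that page loads. The check below is an added example, not part of the original article; the host names, the allowlist and the sample HTML are constructed assumptions.

```javascript
// Added example: audit the <script> tags of a checkout page (defensive inventory check).
// FIRST_PARTY, ALLOWED_HOSTS and SAMPLE_HTML are constructed for illustration.
const FIRST_PARTY = "shop.example";
const ALLOWED_HOSTS = new Set(["shop.example", "js.payments.example"]);

// Collect the attributes of every <script ...> opening tag in the page source.
function listScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] !== undefined ? a[2] : a[3];
    }
    scripts.push(attrs);
  }
  return scripts;
}

// Flag scripts served from hosts outside the allowlist, and allowlisted
// third-party scripts that lack a Subresource Integrity (integrity=) attribute.
function auditCheckout(html, pageUrl) {
  const findings = [];
  for (const s of listScripts(html)) {
    if (!s.src) continue; // inline scripts need separate review (e.g. CSP nonces/hashes)
    const host = new URL(s.src, pageUrl).hostname;
    if (!ALLOWED_HOSTS.has(host)) {
      findings.push({ src: s.src, issue: "host-not-allowlisted" });
    } else if (host !== FIRST_PARTY && !s.integrity) {
      findings.push({ src: s.src, issue: "third-party-without-sri" });
    }
  }
  return findings;
}

// Constructed checkout page: first-party script, payment SDK with SRI,
// vendor chat widget without SRI, and a script from an unlisted host.
const SAMPLE_HTML = `
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://js.payments.example/v3/chat-widget.js"></script>
<script src="https://cdn.analytics-metrics.example/c.js"></script>`;

console.log(auditCheckout(SAMPLE_HTML, "https://shop.example/checkout"));
```

Run against each release of the checkout page, a new finding means a script appeared that nobody approved, which is the change an e-skimming injection produces.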

 
