Approximately 80% of Americans shop online. That's more than 263 million people, and the number is expected to grow by 31.2 million by 2025. (via Statista). E-commerce is popular because it is convenient, but the unforeseen result is cybercrime.
According to a 2020 report by the FBI's Internet Crime Complaint Center (IC3), US citizens lost more than $1.8 billion to online skimming and related crimes that year. Shady characters continue to devise inventive methods to steal money from connected accounts by lifting or scraping unsuspecting victims' credit card information.
Credit card fraud schemes vary — sometimes fraudsters create spoof websites and phish credit card information from the checkout page, and you will, of course, not receive the items you paid for.
Other times, they may send you text messages or emails claiming you are eligible for a refund for an item or service you never purchased, then demand your credit card information to "credit" you.
According to The Ascent research, approximately 35% of American consumers have been victims of credit card fraudsters. Because the likelihood of falling for these schemes increases with age, we'll share a few tips to help you avoid becoming a statistic. But first, let's go over the fundamentals.
Online credit card skimming:
Skimming is not a recent concept. Physical card skimming began with physical card skimming, which you may have viewed in movies: a scammers attaches a small device known as a skimmer to a card reader at a gas station, ATM, or other point of sale terminal. The skimmer steals unsuspecting customers' credit card information, which the fraudster then recovers and uses to make online purchases.
However, online skimming is not the same. Magecart attacks are a combination of Magento — the Adobe-owned e-commerce platform that was the original target of fraudsters — and cart. This is how it works: Instead of using physical hardware, hackers place malicious Javascript code called sniffers on websites, and those sniffers lift payment card numbers.
Malicious actors could also insert malicious fields into payment forms or create redirect links to steal customers' credit card information. Magecart skimmers typically sell the information they collect on the dark web for as little as $5. (via PCMag).
Magecart malware is difficult to detect on websites. Everything works and looks the same for the most part. However, being cautious can help you detect when something is amiss, such as being redirected to a website that does not appear secure. There are several ways to determine this.
To begin, click on the lock in the address bar to ensure the security of the website. If the lock is not closed, the connection is not secure, and the site may not be genuine. You could also look at the website's copyright date at the bottom.
To protect visitors from compromise, secure websites frequently update the interface and protocols, ensuring that the copyright is always up-to-date or at least recent. If a website's copyright is out of date, this is a red flag (via Norton). Finally, avoid clicking on links or downloading attachments from text messages or emails. Unfortunately, being cautious will not completely protect you from skimming.
Magecart attackers steal the payment application infrastructure, which is typically provided to e-commerce merchants by third-party service providers, so even completely secure websites may contain skimming malware (via SISA). However, there is a better line of defence.
As the number of skimming attacks grows, banks and other financial institutions are taking steps to safeguard their customers from fraud, and virtual cards are one of those solutions. They are linked to your credit card, but they can generate one-time use account numbers, security codes, expiration dates, and CVV codes for online transactions while protecting your actual credit card information.
It's also a good idea to use only one credit card for online shopping so that you can keep track of it easily. Also, contact your bank and request that international purchases on your credit card be disabled. The majority of skimming scams are card-not-present (CNP) transactions, which means that the fraudsters will use a compromised card to make a purchase in a location other than the card owner's. The victim could be in Milwaukee and receive strange debit alerts for purchases made in Miami.
