How To Avoid Online Credit Card Skimming Scams

About 80% of the American population shops online. That's more than 263 million consumers — and this number is projected to increase by 31.2 million by 2025 (via Statista). E-commerce is popular because it's convenient, but cybercrime is its unintended consequence. A 2020 report by the FBI's Internet Crime Complaint Center (IC3) shows that US citizens lost over $1.8b to online skimming and related crimes that year. Shady characters continue to devise crafty ways to lift or scrape unsuspecting victims' credit card information and steal money from the connected accounts.

Credit card fraud schemes vary — sometimes fraudsters create lookalike websites and phish credit card information from the checkout page, and of course, you won't actually receive the items you paid for. Other times, they may send you text messages or emails claiming you're eligible for a refund for an item or service you never purchased, then request your credit card information so they can "credit" you.

According to research by Motley Fool's The Ascent, about 35% of American consumers have been victims of credit card fraudsters. The likelihood of falling for these schemes increases the older you get, so we'll share a few steps to help you avoid becoming part of the statistic. But first, we need to cover the basics.

How does online credit card skimming work?

Skimming is hardly a rare phenomenon. It started as physical card skimming, and you might have seen it in the movies — a fraudster attaches a small device, known as a skimmer, to a card reader at a gas station, ATM, or any other point-of-sale terminal. The skimmer collects the credit card information of unsuspecting customers, and the fraudster recovers that information and uses it to make purchases online.

But online skimming is different. These attacks are sometimes called Magecart attacks, a portmanteau of Magento — the Adobe-owned e-commerce platform that was the original target of fraudsters — and cart. Here's how it works: instead of using physical hardware to steal payment card numbers, hackers place malicious JavaScript code called sniffers on websites, and those sniffers lift credit card information from checkout pages or other sensitive forms.

Fraudsters could also add malicious fields to payment forms or create redirect links from which they can collect customers' credit card info. Magecart skimmers typically put up the collected information for sale on the dark web, for as little as $5 (via PCMag).
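For site owners, the two behaviors described above (scripts loaded onto a checkout page and payment forms that send data somewhere else) can be checked for in the page's HTML. The Python below is an added example, not part of the original article; the sample page, the host names, and the allowlist are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a checkout page with one expected payment script,
# one script from an unlisted host, and a form that posts off-site.
SAMPLE_PAGE = """
<html><body>
<script src="/static/cart.js"></script>
<script src="https://pay.example-psp.test/v3/sdk.js"></script>
<script src="https://cdn.analytics-metrics.test/t.js"></script>
<form action="https://collect.example-other.test/submit" method="post">
  <input name="card_number"><input name="cvv">
</form>
</body></html>
"""

class CheckoutAudit(HTMLParser):
    """Collects external script sources and form targets found on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append(urljoin(self.page_url, a["src"]))
        elif tag == "form":
            # A form without an action posts back to the page itself.
            self.forms.append(urljoin(self.page_url, a.get("action") or ""))

def audit(html, page_url, allowed_hosts):
    """Return (kind, host, url) for every resource whose host is not allowed."""
    parser = CheckoutAudit(page_url)
    parser.feed(html)
    allowed = set(allowed_hosts) | {urlparse(page_url).hostname}
    findings = []
    for kind, urls in (("script", parser.scripts), ("form", parser.forms)):
        for url in urls:
            host = urlparse(url).hostname
            if host not in allowed:
                findings.append((kind, host, url))
    return findings

if __name__ == "__main__":
    for kind, host, url in audit(SAMPLE_PAGE, "https://shop.example.test/checkout",
                                 ["pay.example-psp.test"]):
        print(f"unexpected {kind} host: {host} ({url})")
```

A static check like this only sees scripts and forms present in the HTML as served; it does not see inline scripts or scripts that other scripts load at run time.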

So, back to the original question: how do you avoid online skimming scams?

Pay attention

It's pretty difficult to detect Magecart malware on websites. For the most part, everything works and looks the same. But being cautious could still help you notice when something is off, like if, for example, you're redirected to a website that doesn't look secure. There are a few ways to tell.

First, click on the lock in the address bar to check the website's security. If the lock is open, the connection is not secure and the site might not be authentic. You could also check the copyright date at the bottom of the website. Secure websites frequently update the interface and protocols to protect visitors from compromise, so the copyright is always up-to-date or at least recent. If the copyright on a website is outdated, that's a red flag (via Norton). Finally, avoid clicking on links in text messages or emails, or downloading attachments from them.

Being cautious will not totally protect you from skimming, unfortunately. Magecart hackers target the payment application infrastructure, which is typically provided by third-party service providers to e-commerce merchants, so even completely secure websites might still carry skimming malware (via SISA). But there's a better line of defense. Let's discuss that next.

Use a virtual credit card

As skimming attacks increase, banks and other financial institutions are taking steps to protect their customers from fraud, and virtual cards are one of those solutions. They are connected to your credit card, but they can generate one-time-use account numbers, security codes, expiration dates, and CVV codes that you can use for online transactions to keep your actual credit card information secure.

It's also wise to have only one credit card dedicated to your online shopping, so it's easy to keep tabs on it. Also, make sure to contact your bank and opt to disable international purchases on the credit card. Most skimming scams are card-not-present (CNP) transactions, meaning the fraudsters will use a compromised card to make a purchase in a different location than the card owner. The victim might be in Milwaukee and get mysterious debit alerts from purchases made in Miami. You should also enable purchase alerts on your account so that you're able to track transactions and detect any fraudulent transactions immediately.