If you’ve had your credit card compromised in the last year or two, you’re not alone. The Federal Bureau of Investigation (FBI) says millions of consumers have fallen prey to electronic skimming.
Having cut its teeth on hacks of British Airlines and Newegg, e-skimming uses software called Magecart, which allows hacking teams to inject malicious code into ecommerce sites so they can run off with a consumer’s payment details. In some hacks, the 'Shopper Approved' ecommerce toolkit many ecommerce sites use was also compromised by Magecart.
“It’s nearly impossible for a consumer to detect that this has happened to them before the actual occurrence. The site that they would look at, which is already infected, would look no different to a consumer,” Herb Stapleton, section chief for the FBI’s cyber division, told CNBC.
How to protect against e-skimming
Barry Pargman of cybersecurity firm Binary Defense, whose stock in trade is monitoring the computers of companies for signs of attacks, says that while any online retailer needs to be concerned about e-skimming, consumers also need to take steps to protect themselves when shopping online.
Use a credit card rather than a debit card, Pargman told CNBC. The reason? If a debit card is compromised, it can inconvenience a consumer more than a credit card would, not to mention that getting stolen money put back in an account can take longer with a debit card.
Think about getting a “virtual” credit card. A virtual credit card allows consumers to make transactions on their main credit card without having to use the main credit card’s account number. Pargman says that if the number on a virtual credit card is compromised, other charges will automatically be declined. According to thecollegeinvestor, there are currently three banks offering virtual cards -- Citi, Bank of America, and Capital One.
Can these e-skimmers be caught?
Unfortunately for consumers, e-skimming is growing by leaps and bounds. Digital threat management firm RiskIQ says that its data gathering shows Magecart skimmers have appeared over two million times and directly breached over 18,000 site hosts.
The company also notes that hunting down an e-skimmer is “well outside the scope of modern network monitoring tools, requiring a new kind of monitoring that looks at things from the perspective of the end-user.”
Stapleton told CNBC that even though e-skimming has been on the FBI’s radar for going on seven years, these crimes continue to grow because cybercrooks are getting more sophisticated, and they’re also passing around the software so more of their crooked pals can get in on the game, too.
“If we put up a wall,” Stapleton said, “they’re building a ladder or a tunnel or a way to go around it.”