If you have never heard of e-skimming before, you probably want to educate yourself, especially with the holidays right around the corner. You may have heard warnings over the years about criminals tampering with credit card swipe systems at stores, gas pumps and other point-of-sale consumer stations. This tampering, known as “skimming,” happens when someone inserts a thin film into the card reader that steals your information and allows the thief to use your account. It is rare that the process is instantaneous, though, as typically the thief has to come retrieve the skimmer in order to download all of the stolen data.

Cybersecurity experts have now uncovered a new threat that works the same way, e-skimming, although it gives the criminal instant access to your account. Even worse, the criminal does not have to tamper with any physical systems and can pull it off from anywhere in the world.

E-skimming happens when a hacker inserts malicious credential-stealing software into a retailer’s website. You think you are checking out with your credit card or debit card—because you are, and your items even arrive as intended—but the hacker is stealing your payment information from the shopping cart in real-time. They may even be using your card or selling the information on the Dark Web before you are done with the transaction.

Unlike physical card skimming, you cannot simply look at a website and tell that a hacker has tampered with the system with e-skimming. The website owner themselves may not even know unless there is an investigation. However, there are some things you can do to protect yourself.

Enable alerts on your cards

Card Not Present” transaction alerts are a good idea anyway, and they are one of your best defenses against e-skimming. This alert, usually sent by text or email, comes from your card issuer and lets you know anytime your card is used to make a number-only purchase. As soon as the transaction is processed, the alert is issued. You can contact your bank immediately and stop the payment from going through, as well as close that card and order a new one.

Monitor your account

It is important that all consumers take a routine peek at their bank and card accounts in order to make sure there is nothing suspicious going on. Your card may be used or sold by a hacker, and there can be a limited window of time for you to dispute any charges in order to avoid accepting responsibility for them.

Use trusted websites and look for HTPPS

Hackers have a fun game of seeing who can earn the most credibility by taking down bigger and bigger targets. However, the more trusted and secure the retailer, the more likely they are to have strong security protocols in place. Avoid sites you are not familiar with, no matter how great the advertised deals are.

Consider a low-limit card for online purchases

Especially with holiday shopping coming up, you might consider a low-limit credit card for use on the internet. It can help reduce the amount of damage a hacker can do if your card information is stolen online.

Pre-plan your holiday shopping

If you are doing a lot of online shopping in the next few weeks, it is a good idea to plan what you will be buying and from which retailers. First, it will help you stick to your holiday budget, but more importantly, you will not be lured into opening dozens of online accounts and spreading your spending around. Limiting where you shop can help reduce your risk of encountering an e-skimmer.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Don’t Get Scrooged by a Holiday Scam

Boss Phishing Bah Humbug: Don’t Fall for this Holiday Scam!

Millennials at Risk of Identity Theft – This Holiday and Year Round