You have no doubt heard of skimming. This is where someone inserts a thin piece of plastic with an electronic circuit into a credit card reader at an ATM, gas pump, or retail card reader. The skimmer collects credit card information from the cards of people who use the machine. With that information an identity thief can make purchases for themselves or sell it to others who can use it for criminal activity. Skimmers can be difficult for card reader users to detect. Police often recommend that consumers check readers for tampering before using them.
In late October, the FBI issued a warning about a new skimming technique to small and medium-sized businesses and government agencies that take credit card payments online. In this technique, called e-skimming, a cyber criminal inserts malware into the checkout area of the business's web site through a phishing attack or by exploiting a web site vulnerability.
As customers enter their card information, the malware sits in the background, collects the data, then sends it to a server that the hacker has access to (see illustration).
The FBI has recommendations for businesses on how they can prevent e-skimming malware from infecting their computer systems, such as keeping their security software up to date, changing their default login credentials, and educating employees about how to detect phishing emails.
However, for consumers, detecting e-skimming on a web site is not possible. But there are things that you can do to prevent or at least limit any potential damage:
· Set up a “Card not present” alert on your credit cards. The alert, sent by text or email from your card issuer, is used when your physical card is not present during a transaction. The notice gives you a timely opportunity to contact the issuer if the transaction was not initiated by you.
· Consider using a low-limit credit card only for online purchases. The low limit helps limit any damage from the hacker stealing the card information. Never use a debit card for online transactions.
· Consider using a virtual credit card for online purchases. Virtual credit cards, which are tied to your bank’s credit card, act as a buffer between your credit card account and the vendor. When you have an online transaction, you use the virtual credit card account number but your regular credit card will be charged. The number may be used on a one-time basis, or you can use it until you detect or suspect that your number has been exposed in a data breach. In that case, all you have to do is to cancel the virtual credit card but keep your regular credit card account.
· Consider using a third party, such as PayPal or Venmo, to pay online. Like virtual credit cards, this is a way to protect your credit card information from ID thieves.
· Be sure to monitor your credit card account closely for any unusual transactions.
FBI: https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-agaist-e-skimming
Utah Department of Public Safety: https://dpsnews.utah.gov/e-skimming/
CNBC: https://www.cnbc.com/2019/10/29/how-to-protect-your-credit-card-info-from-e-skimmers.html
ZDNet: https://www.zdnet.com/article/fbi-issues-warning-about-e-skimming-magecart-attacks/
Experian: https://www.experian.com/blogs/ask-experian/what-is-a-virtual-credit-card/