Consumers have received warnings for years about the threat of card skimmers that can steal their debit and credit card data, and many have learned to check for the devices before inserting their cards into ATMs or swiping at self-serve gas station pumps.
Now the pandemic has inspired many shoppers to take their purchasing online, away from the threat of those physical devices. This has not stopped fraudsters who have followed the money and adapted their skimming techniques for an eCommerce environment. Hackers now are deploying eSkimming schemes in which they insert malicious scripts into merchant websites, enabling the fraudsters to steal card data out of online checkouts — often leaving both the eTailers and consumers none the wiser.
The October/November Next-Gen Debit Tracker® examines the rising threat of eSkimming and how financial institutions (FIs) and merchants are working to detect and thwart these attacks.
Around The Next-Gen Debit World
Shoppers are making more of their purchasing via digital means, with one study finding that 26 percent of customers expecting to use cash less often than they had pre-pandemic. Many consumers are shifting instead to payment cards linked into digital wallets or swiped or tapped at point-of-sale (POS) terminals. Fifty-five percent of respondents said they expect they will use contactless cards more frequently now and after the pandemic ends.
Merchants must be able to safeguard their customers online transactions, or they will see shoppers abandon them for other, safer options. A survey found that 28 percent of respondents would stop using a website or service if their accounts became compromised, for example, indicating that security is a paramount concern for many shoppers.
eTailers working to shore up defenses are finding eSkimming to be a particularly powerful threat. One eSkimming attack exploited weaknesses in an Adobe software product that the company had stopped supporting just months before and used this vulnerability to work widespread damage. The attack is believed to have compromised 2,000 eCommerce sites and threatened tens of thousands of consumers.
Find more on these and the rest of the latest headlines in the Tracker.
Combatting eSkimming With Tokenization
FIs are working to help their cardholders better evade eSkimming attacks and reduce their risks when shopping online. In this month’s Feature Story, Lindsay Land, vice president of operations at Consumers Credit Union discusses key ways that FIs can work with their customers to battle this threat, including by encouraging use of tokenized payment methods, alerting them to signs that could reveal falsified eCommerce sites and warning of the ways that fraudsters conduct phishing attempts.
Read that story in the Tracker.
Deep Dive: How Online Merchants Confront eSkimming Attacks
Consumers have been spending more heavily online during the pandemic, and cybercriminals have upped their attacks accordingly. eCommerce merchants must be on guard against eSkimming attacks that attempt to steal card data that can then be sold on the dark web or used to charge victims’ accounts. Merchants can struggle to identify when these attacks are underway, however, because they do not interrupt purchasing and may involve software not owned by the retailers.
This month’s Deep Dive examines how the attacks are worked in subtle ways to avoid detection and what merchants can do to respond.
Find the Deep Dive in the Tracker.
About The Tracker
The Next-Gen Debit Tracker®, a PYMNTS and PULSE collaboration, examines how cybercriminals use eSkimming to try to steal customers’ card details online as well as how merchants and FIs can work to detect and combat this.