Some of the world’s largest retailers, such as Macy’s, British Airways, Puma, and Ticketmaster, have been affected by a new cybersecurity threat called e-skimming. E-skimming is a type of attack when a hacker inserts malicious software into a retailer’s website. This software can steal your data, including your credit card number. The FBI says that millions of credit card numbers have been stolen over the past two years
“E-skimming attacks happen in real time,” says Daniel Markuson, a digital privacy expert at NordVPN. “While a shopper is entering their credit card details, the hacker is stealing the payment information directly from the shopping cart. The user’s information might already be up for sale on the dark web by the time the transaction is finished.”
Unlike physical card skimming, which happens when someone inserts a film into the card reader or ATM, you cannot simply look at a website and tell that a hacker has tampered with it. The retailers themselves may never find out unless there is an investigation. Nevertheless, according to Markuson, there are some things you can do to stay safer:
1. Consider your payment methods. Today there are new, more secure alternatives to your classic debit card. For example, you might want to try a virtual credit card. It is a unique credit card number to be used for specific transactions and a specific merchant. Also, experts suggest paying by credit card rather than debit.
2. Stay organised. Make sure to keep all your documentation, such as receipts or order confirmation numbers, to prove your online purchase. It is also important to continually check your credit card statements. If you see any activity on your balance that you don’t expect to find, try to recall whether you have authorized the charge. If you can’t remember it, inform your bank or credit card issuer, and they should be able to help you.
3. Carefully read other customers’ reviews. If an e-skimming attack has already hit someone, you’ll likely find a comment about that. Always do your research in advance, and if you notice something suspicious, better look for another store.
4. Provide companies with the necessary information only. The less data they have, the less they can leak. Don’t provide your date of birth, social security number, or bank account number just because someone asks for it.
5. Always check the URL of the website. Make sure that the address bar says “https” instead of “http”. Even though retail giants have been hit by this attack too, the more trusted and secure the retailer is, the more likely they are to have robust security protocols in place. Therefore, avoid fishy websites, even if they have great deals on.
