Regular readers of Scamicide are certainly familiar with skimmers which are devices installed on ATMs and credit and debit card processors that steal information from credit and debit cards thereby enabling criminals to use that information to make charges on those cards. The increased use in recent years of cards with chip technology has dramatically decreased the amount of fraudulent purchases made through stolen credit and debit card information because the chip card creates a new authorization number each time the card is used. Skimmers continue to be a significant problem, however, on gas pumps where the regulation requiring a switch to chip card reading technology will not become effective until October 1, 2020.
Chip card technology, however, offers no protection when credit and debit cards are used for online purchases. Recently the FBI issued a warning about what it calls E-Skimming which occurs when criminals infect the websites of businesses and government agencies with malware that allows the criminal to steal this information and then use it to make charges using the victim’s credit card or debit card.
There are many steps that businesses and government agencies should take to protect their sites from this type of crime. They should update their security software with the most recent security updates; change default login credentials on their systems; segment their network systems to limit access by criminals and educate their employees to the dangers of phishing and spear phishing emails because it is through these phishing and spear phishing emails that most malware is delivered. A good rule for us all to follow is to never click on links in emails unless you have absolutely confirmed that the email is legitimate.
What, can we as consumers do, however, to protect ourselves from becoming a victim of E-Skimming?
First and foremost, while it may be more convenient to leave your credit card on file with an online retailer you regularly use, this is not a good thing to do because it leaves you more vulnerable to having your credit card data stolen in the event of a data breach and as we all know, data breaches are and will continue to be very common.
Consumers should refrain from using their debit cards for anything other than an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection. The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”