Regular readers of Scamicide are certainly familiar with skimmers which are devices installed on ATMs as well as credit and debit card processors that steal information from credit and debit cards thereby enabling criminals to use that information to make charges on those cards.  The increased use in recent years of cards with chip technology has dramatically decreased the amount of fraudulent purchases made through stolen credit and debit card information because the chip card creates a new authorization number each time the card is used thereby negating the value of skimming a credit card with a computer chip.  Scanning your card rather than inserting it into a card reader has also made such purchases safer.

Chip card technology, however, offers no protection when credit and debit cards are used for online purchases.  The FBI has warned about what it calls E-Skimming which occurs when criminals infect the websites of businesses and government agencies with malware that allows the criminal to steal credit card and debit card  information and then use it to make charges using the victim’s credit card or debit card.


There are many steps that businesses and government agencies should take to protect their sites from this type of crime.  They should update their security software with the most recent security updates; change default login credentials on their systems; segment their network systems to limit access by criminals and educate their employees to the dangers of phishing and spear phishing emails because it is through these phishing and spear phishing emails that most malware is delivered.  A good rule for us all to follow is to never click on links in emails unless you have absolutely confirmed that the email is legitimate.

What, can we as consumers do, however, to protect ourselves from becoming a victim of E-Skimming?

First and foremost, while it may be more convenient to leave your credit card on file with an online retailer you regularly use, this is not a good thing to do because it leaves you more vulnerable to having your credit card data stolen in the event of a data breach and as we all know, data breaches are and will continue to be very common.

Consumers should refrain from using their debit cards for anything other than as an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection.  The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and type in your email address on the tab that states “Sign up for this blog.”