A person online shopping on a mobile phone

E-skimming is a growing online threat for consumers

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin

Skimming, a type of theft that steals debit or credit card information, has gone high-tech as hackers target online checkout pages with malware.

Instead of using a small physical device at an ATM or gas pump, cybercriminals infect a website directly or break into a shared server that supports many online shopping websites.

The malware then steals customers’ payment card details and other personal data such as names and addresses, sends the information to a computer server controlled by the hackers.

The FBI says e-skimming has been on its radar for nearly seven years, according to CNBC. However, the crime is growing because cybercriminals are sharing the malware.

E-skimming attacks have hit companies small and large over the past two years, including Macy’s last October.

For consumers, this is another challenge to keep sensitive information private.

“It’s nearly impossible for a consumer to detect that this has happened to them before the actual occurrence. The site that they would look at, which is already infected, would look no different to a consumer,” Herb Stapleton, section chief for the FBI’s cyber division, told CNBC.

Using credit cards in place of debit cards when shopping online could help lessen any inconvenience if a card is compromised, Randy Pargman, senior director at cybersecurity company Binary Defense, told CNBC.

Credit cards can have a lower liability for fraud, and getting money returned to your debit card can take some time.

Another tip Pargman says is to consider using a virtual credit card. Some card issuers offer the option to create a unique credit card number to be used for specific transactions. If this number is compromised, other charges will not be processed.

Consumers should monitor their card statements for any unusual activity and report it right away.

Interpol announced the first arrests for e-skimming in January. Three people from Indonesia allegedly compromised hundreds of retailer websites.