You may already know what skimming is. Skimming is the process of copying/duplicating the data contained on a physical ATM/debit or credit card. It is done by modifying the device or installing a skimmer on machines used for card payment transactions, such as ATMs or EDCs.
As technology advances, there is a new crime on the rise known as e-skimming. What is e-skimming and how is the crime committed?
What is e-Skimming?
e-Skimming, also known as Sniffer, is the act of stealing sensitive credit/debit card data (e.g. card owner’s name, card number, CVV number, expiry date) online. The attacker does this by infecting the victim’s computer or smartphone with a virus, or by infecting a third-party online platform (e.g. e-commerce such as online stores, airlines, etc.).
The following are two attack methods and the corresponding security tips.
Attack Method 1: The attacker hacks into the victim’s computer/smartphone device.
Since the hacker attacks the computer/smartphone device, the victims are only cardholders whose computers/smartphones are attacked.
When the cardholder makes an online payment, the attacker can steal the sensitive information entered on the infected computer/smartphone. As a result, data that should be confidential is available to the attacker and is used for illegal transactions or to break into the victim’s cards.
One example is a virus/malware (malicious software) infection on a computer or smartphone. This happens due to the use of pirated programs and the installation of applications (APK/IPA) from sources other than official ones such as Google Play Store / Apple App Store (e.g. Blackmarket Apps or third-party Mobile Apps).
The risk of being exposed to malware is one of the most common dangers on mobile devices and computers when you are connected to the internet. However, it can be avoided by developing safe and smart habits that protect your device from malware and other threats.
Computer and Smartphone Gadget Safety Tips
To avoid the dangers of having your gadgets infiltrated by malware unknowingly, you can take extra precautions. Here’s how to prevent malware that may spread through browsers on your computer and smartphone.
- Use antivirus on your computer and smartphone, update and scan regularly
- Regularly update the OS (Operating System) on your computer and smartphone
- Avoid using pirated sites and applications on your computer and smartphone
- Avoid installing applications other than from the Google Play Store/Apple App Store
Attack Method 2: The attacker hacks into a third-party online platform
E-Skimming can also happen when the attacker attacks/infects third-party online systems/e-commerce platforms such as online stores, airlines, etc. The victims are all the users of the third-party system!
When paying online using a card, we input data such as full name, credit/debit card number, CVV, and card expiry date. These data should only be used for authorizing transactions. However, malware on the website allows the information to be forwarded to the attacker.
As a result, this sensitive information is available to the attacker and is used for illegal transactions or to break into the victim’s cards. Attackers usually make these transactions through online merchant websites that do not require 3D Secure/OTP, such as FB Ads, Google Ads, and so on.
While users may not be able to recognize websites that have been compromised with malware, this can be avoided by securing our debit/credit cards.
Debit/Credit Card Security Tips
There are several ways for you to protect your debit/credit cards. Here’s how to protect your card from e-skimming.
- Maintain the confidentiality of your card data, such as card number, CVV/CVC code, card expiry date, etc.
- Avoid storing your debit/credit card information on online platforms
- Do not take a photo of your debit and credit cards
- Monitor and review your debit and credit card billing statement
- Use the debit and credit card control feature in the BCA mobile application or on myBCA. Deactivate the E-Commerce Transaction feature or Online Debit Transaction feature if it is not being used.
In conclusion, as e-skimming is rampant, you should always anticipate the risks above by maintaining the security of the following things.
Keep the gadget (computer or smartphone) used for credit/debit card transactions safe by activating an antivirus and avoiding the installation of random applications.
Protect your debit/credit card by keeping your card data confidential and using the debit/credit card control feature on BCA mobile/myBCA to disable e-commerce/online debit transactions when not in use.