How credit card scams work and how to defend yourself

It's called skimming and it's one of the most dangerous threats to people who like to shop online. Here's how it works

Credit card scams are very common: many people avoid using this method of payment when shopping online for fear of money and personal data being stolen. Often, if they must, they rely only on popular online stores, which are considered safer.

Unfortunately, due to increasingly sophisticated scam systems, they do not just clone the credit card. Lately, there has been a specific threat circulating, called skimming, which aims to steal customer data from e-commerce sites. However, many stores fail to protect users and end up getting hacked. For example,  it happened in 2018 to the British Airways airline platform and it happens often to many other major companies. Knowing how skimming works and learning how to defend yourself is very important.

Skimming: how the credit card scam works

First of all, this threat aims to steal data from the unfortunate customers of an online store. In order to achieve the goal, the thieves hide JavaScript instructions within the web pages: the aim is to intercept credit card data when it is entered into the system during online payment. The information is not stolen right away, but first passes through the official website and allows the user to finalize the purchase. This way, he or she does not notice anything and does not think that he or she has been scammed. The person will only realize that he has been scammed when he sees the statement or even the invoice in the site that will show a huge expense. Tracing the culprit is quite difficult because the only references are those of the hacked site.

Skimming is difficult to combat because it is quite unlikely to find the culprits. Moreover, these attacks are carried out from time to time on a high number of platforms. In fact, a recent study by Malwarebytes intercepted over 200 e-commerce sites that had been hacked by skimming.

How to defend yourself?

There are several apps and antivirus programs that allow you to intercept unsafe sites or possible dangers before making an online purchase. These apps can be downloaded to both mobile devices and computers.

To increase the level of security you should set up an email notification every time a credit card payment is made, and allow it to be blocked if it is not actually made by the account holder. Finally, in order to be even more protected, it is advisable to use a prepaid card for online purchases: in this way the attacker will be limited to subtract a small amount and not the entire amount of credit. In short, it is possible to defend oneself from skimming: it is necessary to develop strategies that can prevent the fraud or reduce the damages to a minimum.