It’s here, the most retail time of the year!
On Thanksgiving eve, as turkeys are prepped, cranberries jellied and potatoes mashed, visions of deals, steals and untold bargains will dance in the minds of consumers while retailers prepare in anticipation for the busiest five shopping days of the year. The National Retail Federation predicts an estimated 165.3 million people from Thanksgiving day to Cyber Monday will be in stores snagging promised door buster sales or online nabbing legendary cyber deals. Whether you are consumer or retailer, you need to be aware of another group hoping to score big this holiday shopping season—thieves. It doesn’t matter if you are shopping online or in a brick and mortar store, anywhere there is money exchanged the risk of theft is also present.
As consumers increasingly prefer electronic payments over cash in hand, would be criminals have developed new and sophisticated ways to pilfer wallets. Skimming has emerged as the modern equivalent of pick-pocketing, only more prolific and damaging.
What is Skimming?
Just as you may skim this article to capture key takeaways, a criminal will skim data encrypted on your debit or credit card or capture information from an online transaction to gain access to your money. In instances where you use your debit/credit card in person, a thief relies on a skimmer, a portable device that is temporarily attached to a credit or debit card reader—this could be an ATM machine, gas pump or a restaurant or store’s credit card machine. That gas pump you just conveniently used your card at while you were rushing to work? In the same instant you pressed yes for your receipt and before you even pulled out of the parking lot the thief has recorded your information and is preparing to make their first of many transactions before you are ever alerted to suspicious activity. By stealthily and, typically, unnoticeably attaching the copper-based devices over the card-reader, the criminals simply sit in wait to steal from unsuspecting customers.
E-Skimming
Unsurprisingly skimming has gone digital, targeting online commerce but also businesses and organizations that maintain stores of personal data, such as hospitals, financial agencies and government institutions. Instead of a portable device, cyber criminals introduce a malicious code on e-commerce payment pages where consumers enter their credit card and personally identifiable information. As information is entered on the page, the code arms the cybercriminal with real time access to the data as it is entered which is captured, sent to a domain under their control and either sold or used to make fraudulent purchases. All this can occur before you have even received a confirmation email thanking you for your purchase.
It is nearly impossible for consumers to recognize if a website is compromised by an e-skimmer and it is imperative that businesses implement measures to protect themselves and their consumers. Following a recent uptick in e-skimming incidents and in anticipation of the holiday shopping season, the FBI issued warnings about e-skimming and advised businesses and agencies on how best to protect themselves. Their recommendations for enterprises and business include updating malware software, segregating systems, changing credentials and implementing best practices and education to reduce the risk of a skimming attack. Such practices will serve to help businesses better protect their online consumers from fraud. As a consumer the following are additional measures and ways to protect yourself from getting skimmed, whether you are shopping on line or in stores:
Be Aware:
- At self-pay stations (like gas pumps) especially those without an employee close by always inspect the card reader before using. Are there unusual seams, gaps or do parts not look the same? If in doubt, tug on it, is anything lose? If possible compare to other card readers in the vicinity.
- Always shield the key board when entering your pin.
- Restaurants and bars are common settings for skimming, as a patron’s card can be run through an out-of-sight skimming machine by a dishonest employee. If you doubt a vendor, use cash or a check.
- Schemes often involve the use of a fake keypad overlay that records and sends your PIN number. Thieves may also record you typing your PIN with a hidden camera.
- Gas stations often go unregulated and are thus a prime target for the installation of skimming devices. To sidestep theft of your PIN, always choose the CREDIT option when prompted to choose at the pump.
- Banks and businesses are most compromised by skimming when their facilities go unmonitored; choose vendors who use a trusted security service to prevent covert skimmer installations.
- Always inspect the ATM machine before you insert your card; the card reader should not protrude from the surface of the machine. If you see any oddly placed holes, they might contain hidden cameras.
- Many ATMs now display pictures of what the keypad interface should look like. Take note of the picture, and if the actual keypad looks different, it could be a thief’s faux device.
- Anything that appears unsightly, unusual, or broken might hide a crook’s machine; if you are suspicious, don’t use the ATM.
- Be wary of email attachments and always create strong passwords on all your systems and accounts. Use multi-factor authentication when available.
- Monitor your accounts regularly. Set up alerts to detect and communicate unusual activity.
If You Discover Fraud
- Report the fraudulent transaction right away to both your bank and cardholder. Thieves aren’t the only ones with advanced technology — credit card companies can use data mining and sophisticated algorithms to identify patterns based on card users’ complaints. When fraud victims have a particular merchant or bank in common, investigation of that establishment may lead to identification of the perpetrators.
- Request a new card with new information so that you can regain control of your personal funds.
- Though inconvenient, the easiest way to avoid skimming is to carry and use cash. Withdraw directly from your bank teller, and skimmers won’t ensnare you with their tricks.
Stay vigilant to keep your personal information and bank account safe and secure this holiday shopping season.