What is skimming in cybersecurity?

Skimming in cybersecurity is a strategy cybercriminals use to capture and steal cardholders’ personal payment information. Identity thieves have many methods for stealing card data. One of the most sophisticated is a small skimming device that reads the information on a credit card’s magnetic stripe or microchip. Criminals can carry out skimming attacks whenever cardholders make electronic payments in person.

There are many digital skimming techniques. Digital skimming, often referred to as “e-skimming”, is similar to card skimming; the difference is that hackers can execute e-skimming remotely and steal card information in real time.

Why you should be concerned

The Kaspersky Security Bulletin Statistics for the Year Report shows that unique malicious objects increased 13.7% in 2019. The growth was largely due to web skimmer files, which saw a 187% increase and reached a total number of 510,000. Web skimmers ranked at number ten in the list of top 20 online malicious objects.

Most countries implemented lockdowns to stop the spread of the virus. Online shopping exploded and credit card skimming also increased. Malwarebytes reported that there was a 26% increase in credit card skimming between March 2019 and March 2020. Malwarebytes believes that web skimming blocks saw a slight increase of 2.5% between January and February, but that this trend will continue to rise in the future.

30% are due to credit card skimming. Credit card skimming is responsible for nearly three-quarters of all retail data breaches. This situation is worsened by the fact that at least 60% of websites do not have HTTPS security, which can expose credit card information to e-skimmers. Notably, 87% of credit card skimming attacks target self-service stations such as petrol stations.

Methods of skimming in cybersecurity

Credit card skimming

There are many ways to skim credit cards and debit cards. These include:

1. Skimming of point-of-sale transactions by hand

Like other types of attacks, insider threats are the most prevalent in skimming strategies. Hand-held skimming is when an insider (such as a waiter, clerk, or another staff member) uses a skimming device to steal credit card details. Cybercriminals most commonly use this tactic in retail establishments. To steal the magnetic stripe information, an adversary simply needs to swipe the credit card through a scanner. This information can later be used in malicious activities. Because skimming devices are small, adversaries can hide them easily, which makes hand-held POS skimming easy.

2. POS swaps

POS swaps are a common skimming method in cybersecurity. Fraudsters swap a secure POS device for one whose security features have been compromised. POS device swapping is also known as POS device tampering, and it happens when adversaries alter a POS or PIN entry device. The devices are usually stolen from specific retailers. Cybercriminals then manipulate the terminal software by placing malware on the devices, or insert a small skimming device. The fraudster returns the compromised devices and waits for the skimming device to copy all customer transaction data. The cybercriminals then wait for the right time to come back to the compromised devices and collect the stolen card data.

3. Self-service skimming

Criminals carry out self-service skimming attacks against self-service terminals such as ATMs, gasoline pumps, and similar machines. To gain access to service terminals, cyber adversaries often pose as technicians and install a skimming device. They place the devices within the terminal enclosures so that they are difficult to detect from the outside. The attackers then attach the devices to the terminals’ card readers or keypads so that they copy all card data and PINs once the user swipes a card. Criminals use advanced skimming devices that transmit the copied information wirelessly, for example over Bluetooth, to a computer hidden nearby. Others use pinhole-sized cameras to capture PINs as customers enter them. With card data and PINs, criminals have enough information to compromise credit cards and make nefarious use of them.

4. Dummy ATMs

Dummy ATMs are still quite common, but they pose serious cybersecurity threats. Dummy ATMs look like smaller entry-level ATMs. However, they do not dispense cash. Dummy ATMs are used by criminals to collect card PINs and other data. To trick more people into inserting cards, cyber adversaries place dummy ATMs at high-traffic locations.


E-skimming

Security researchers discovered e-skimming as a new threat to cybersecurity. E-skimming is a remote alternative to pervasive skimming, in which attackers place skimming devices into physical POS systems and then collect the copied data. Working remotely allows e-skimmers to attack targets anywhere in the world.

E-skimming is when hackers insert malicious software onto a retailer’s website and use it to steal passwords. Because it doesn’t involve the manipulation of physical facilities, it is easier to detect. Customers may think they are simply using their credit or debit cards to check out, but hackers use the malicious software to steal their payment information in real time. Hackers can use the stolen information to harm others or sell it to several criminals via the dark web. Only an investigation can reveal whether an e-skimming scheme is running on the website owner’s site.

An e-skimming campaign involves many hacking groups who collaborate to develop strategies for targeting vulnerable websites. Hackers break into websites that have exploitable vulnerabilities and insert malicious skimming code into them. All e-skimming attacks involve a malicious script called Magecart, so these attacks are also known as Magecart attacks. Hackers often introduce the Magecart code by hacking administrative controls or by using phishing methods; the compromised accounts are then used to place the code. Cybercriminals may also compromise third-party suppliers and hide malicious skimming code in the JavaScript those suppliers provide to websites. By compromising third-party suppliers, hackers gain instant access to thousands of victims. The Magecart skimming script captures credit card and user account information and sends it to a specific server.
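One way a site owner can check a checkout page for the two injection routes described above (an unexpected script and a tampered third-party script) is to inventory its script tags against an allowlist and look for the browser's Subresource Integrity `integrity` attribute. This is an added example, not code from the original article; the hosts, paths, HTML and the function names `parseAttrs` and `auditScripts` are constructed for illustration.

```javascript
// Added example: inventory the <script> tags of a checkout page and flag the
// ones a skimmer injection or a compromised supplier would most likely use.
// Hosts, paths and the HTML below are constructed sample data.
const PAGE_URL = "https://shop.example/checkout";
const ALLOWED_HOSTS = new Set(["shop.example", "js.payments.example"]);

const SAMPLE_HTML = `
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/sdk.js"
        integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://js.payments.example/extra.js"></script>
<script src="https://cdn.widgets.example/chat.js"></script>
<script>window.cfg = { currency: "USD" };</script>`;

// Parse the attribute string of one tag into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of text.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function auditScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  const page = new URL(pageUrl);
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    const attrs = parseAttrs(m[1]);
    if (!("src" in attrs)) {
      // Inline code cannot be pinned with SRI; list it for manual review.
      findings.push({ src: "(inline)", issue: "inline-script" });
      continue;
    }
    const url = new URL(attrs.src, page); // resolves relative paths
    if (!allowedHosts.has(url.hostname)) {
      // A host nobody approved is the typical sign of an injected skimmer.
      findings.push({ src: url.href, issue: "unlisted-host" });
    } else if (url.origin !== page.origin && !attrs.integrity) {
      // Approved supplier, but nothing stops a modified file from loading.
      findings.push({ src: url.href, issue: "missing-sri" });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, PAGE_URL, ALLOWED_HOSTS));
```

Running the same audit on a schedule and comparing the findings with the previous run shows when a new script appears on the page.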

Recent e-skimming cases

1. Macy’s

Attackers using a Magecart script hit Macy’s, a U.S. department store chain, in October 2019. Official statements from the store revealed that malicious scripts were installed on Macy’s.com and the checkout page. The malicious code collected customer information such as credit card numbers and expiration dates, addresses, and customer names. It also collected card verification codes.

2. Puma

The Magecart malicious code also made Puma’s Australian website a victim. According to security researcher Willem de Groot, the hidden code accessed all credit card details of customers who visited the website to shop online during the checkout process. Credit card numbers, customer addresses, and credit card names were all stolen. They were then transferred to a remote server in Ukraine.

3. British Airways

British Airways was also a victim of the same malware. More than 380,000 credit card numbers were stolen in the incident. Hackers had placed malicious code on the company’s website worldwide and retrieved credit card information. The stolen data included names, bank details, and billing addresses.

Identity theft and skimming

Rather than being a single incident, identity theft often involves chipping away at victims’ digital identities. Through skimming, criminals can access hard-to-get digital information such as passwords, email addresses, social security numbers, and bank accounts. Card skimming encourages identity skimming. Attackers often use different methods and malware to execute separate incidents. A successful skimming attack gives fraudsters enough time and space to use credit card information maliciously before the bank or owner notices the fraudulent activity. Cardholders might be able to receive a refund for the misappropriated funds, but it is not common.

Card skimming, for example, allows criminals to access encrypted information. This includes the CVV number, country code, and expiration date of the card, as well as the card number and the cardholder’s full official name. Fraudsters can use the information to commit different crimes or sell it on the dark web. Cybercriminals can also use the skimmed card data to obtain timestamps and locations of cardholders. Skimming can compromise not only victims’ identity but also their privacy.

Card skimming can lead to identity theft. Many cybercriminals take all the funds before the owner realizes it. Others create cloned cards and distribute them for use in calculated fraudulent activities. Still others wait, stealing vital identity information in the meantime. To avoid detection by cardholders and banks, fraudsters playing the waiting game make infrequent cash withdrawals or small purchases.

Recently implemented skimmer laws require victims to report skimmers within 24 hours of discovery. However, law enforcement agencies won’t share the locations. Card users who want to avoid potential skimmer fraud become vulnerable to identity theft. The best way to prevent identity theft by skimming is to monitor your card statements closely to identify suspicious or unaccountable card activity.

Who’s at greatest risk?

Skimming attacks can be a problem for all e-commerce websites without adequate security measures. Hackers are constantly evolving and using new methods to achieve a higher success rate. Websites without the most recent security measures are more vulnerable to skimming attacks.

Recent research showed that one out of five Magecart-infected shops is re-infected within a few days after the initial infection. To prevent a recurrence, it is important to disinfect infected areas and to fix any underlying problems. Other evolving threats can easily lead to reinfection. Open-source software like Magento is vulnerable to skimming attacks unless it is regularly patched.

Security measures to curb skimming

Account Monitoring

Cardholders should regularly monitor their bank and card accounts to spot suspicious transactions. If they are victims of a skimming campaign, consumers have a window of opportunity to challenge unaccountable charges. Stolen card credentials can be sold or transferred to other criminals. Reporting abnormal card usage protects cardholders from being held responsible for illegal card usage.

Prioritize low limit cards

When making online transactions and purchases, cardholders should make sure they only use low-limit credit cards. Low-limit cards allow you to limit the credit card’s maximum charge. A low-limit card is useful in limiting the maximum amount that can be charged to a credit card if a hacker pulls off an e-skimming attempt. It is possible to determine if credit card information was compromised based on card usage.

Pre-plan online shopping

Consumers should plan which items they will purchase from online retailers and what they will spend. Pre-planning helps consumers stick to their shopping budgets. It also helps prevent them from being lured into opening multiple online accounts. Shopping on multiple online sites spreads credit card information across them, increasing the chance of being swindled. Limiting online shopping reduces the risk of a consumer falling prey to an e-skimmer.

Shop on trusted websites

Higher trust means that an online retailer can be trusted to provide security protocols to protect card data. Consumers are best served by secure websites, which use SSL certificates to encrypt information between clients and servers. This encryption protects card information from skimming.