opinion

Thwarting E-skimming: Tokenization, Data Fragmentation & Beyond

Thwarting E-skimming: Tokenization, Data Fragmentation & Beyond

As consumer spending evolves from offline, in-person transactions to an ever-growing number of digital purchases made online, the levels of fraud follow those spending patterns and preventing or mitigating e-skimming attempts by criminals, becomes an increasingly important part of the process.

OFFLINE CARD SKIMMING IS NOTHING NEW

The simplest answer to defending against e-skimming is tokenization.

In the past, we’ve spoken with clients many times about the notion that consumers have, on occasion, suffered from card skimmers that were able to steal their debit or credit card data by affixing an illegal third-party physical device to an ATM, self-serve gas station pumps or another DIY card-reading apparatus.

Many mistakenly believed that the shift toward digital transactions in the wake of a global pandemic would alleviate these sorts of problems. In fact, shoppers are using digital transactions much more often, as recent surveys have shown 25% percent of customers plan to use cash even less often than they had before the pandemic started.

E-SKIMMING IS BECOMING A SERIOUS PROBLEM

Fraudsters have adapted their scams to continue waging their illegal campaigns, with criminals now deploying e-skimming techniques by injecting malicious code into merchant websites and hijacking the transaction process to steal card data and other personal information during online order checkout. What makes these schemes even more insidious is that the merchant and the consumer often have no way of knowing the scam occurred.

That leaves open the real possibility that a third-party scammer may become able to defraud your customers and give the false impression that you were the cause of the malfeasance or were somehow complicit in their crimes, when they attempt to cash in on their stolen information weeks or months after a legal transaction took place on your site. Regardless of how many precautions you put in place, consumers view any scam that takes place as part of an interaction with your site, as sufficient reason to not return to your site.

For that reason, it is imperative that merchants safeguard their customers’ online transactions in ways that actually do prevent fraud. And the size of the risk is massive: just one recent e skimming attack that exploited a weakness in Adobe software caused widespread damage by compromising more than 2,000 popular e-commerce sites, affecting tens of thousands of consumers potentially.

TOKENIZATION HELPS SHIELD TRANSACTIONS

The simplest answer to defending against e-skimming is tokenization. This process allows shoppers using digital wallets to provide merchants with a single use identifier code that instantly verifies transactions. This method prevents fraudsters from obtaining or using any customer credentials, because none of that sensitive information is passed through at the point of sale during the transaction. When some hear of tokenization, they mistakenly think it is associated with the use of cryptocurrencies like Bitcoin. In reality, consumers can protect themselves just as well by using any third-party payment service at checkout.

DATA FRAGMENTATION REDUCES RISK

Data fragmentation is also a strong defense against e-skimming. By saving their debit or credit card information in a third-party payment account, consumers are able to make purchases digitally by using those accounts without providing any card numbers, card verification value (CVV) codes or other personal information at the point of sale.

Of course, as with anything else in digital security, there is no magic bullet. The key takeaway from all of this is that fragmenting the transaction, so that only the minimum amount of data necessary to complete the sale is passed at the point of sale, is an important part of reducing e-skimming and other methods of third-party fraud finding their way into your site transactions.

Consumer security experts have stated many times that the best way to prevent fraud of this kind is to educate consumers and merchants to help inoculate both legal parties to each transaction by making all aware that these scams exist, and to inform everyone of the benefits in utilizing tokenization methods at the point of sale.

ENABLE RAPID RESPONSE WHEN SITUATIONS ARISE

The ability to quickly detect fraud and to remedy it is essential as well. This is where experienced and properly credentialed payment processing experts can make the biggest difference for merchants, drawing upon years of experience and technological innovation. Payment processors seeking to secure their transactions must offer counter-fraud methods and deploy rapid response to instances of potential vulnerability, while remaining vigilant in ongoing efforts to ensure a fair, functional and frictionless path for consumers and merchants to reach mutual satisfaction on each transaction.

Jonathan Corona has 15 years of experience in the electronic payments industry. As MobiusPay’s EVP, Corona is primarily responsible for day-today operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., EU and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More