As consumer spending evolves from offline, in-person transactions to an ever-growing number of digital purchases made online, the levels of fraud follow those spending patterns and preventing or mitigating e-skimming attempts by criminals, becomes an increasingly important part of the process.
OFFLINE CARD SKIMMING IS NOTHING NEW
The simplest answer to defending against e-skimming is tokenization.
In the past, we’ve spoken with clients many times about the notion that consumers have, on occasion, suffered from card skimmers that were able to steal their debit or credit card data by affixing an illegal third-party physical device to an ATM, self-serve gas station pumps or another DIY card-reading apparatus.
Many mistakenly believed that the shift toward digital transactions in the wake of a global pandemic would alleviate these sorts of problems. In fact, shoppers are using digital transactions much more often, as recent surveys have shown 25% percent of customers plan to use cash even less often than they had before the pandemic started.
E-SKIMMING IS BECOMING A SERIOUS PROBLEM
Fraudsters have adapted their scams to continue waging their illegal campaigns, with criminals now deploying e-skimming techniques by injecting malicious code into merchant websites and hijacking the transaction process to steal card data and other personal information during online order checkout. What makes these schemes even more insidious is that the merchant and the consumer often have no way of knowing the scam occurred.
That leaves open the real possibility that a third-party scammer may become able to defraud your customers and give the false impression that you were the cause of the malfeasance or were somehow complicit in their crimes, when they attempt to cash in on their stolen information weeks or months after a legal transaction took place on your site. Regardless of how many precautions you put in place, consumers view any scam that takes place as part of an interaction with your site, as sufficient reason to not return to your site.
For that reason, it is imperative that merchants safeguard their customers’ online transactions in ways that actually do prevent fraud. And the size of the risk is massive: just one recent e skimming attack that exploited a weakness in Adobe software caused widespread damage by compromising more than 2,000 popular e-commerce sites, affecting tens of thousands of consumers potentially.
TOKENIZATION HELPS SHIELD TRANSACTIONS
The simplest answer to defending against e-skimming is tokenization. This process allows shoppers using digital wallets to provide merchants with a single use identifier code that instantly verifies transactions. This method prevents fraudsters from obtaining or using any customer credentials, because none of that sensitive information is passed through at the point of sale during the transaction. When some hear of tokenization, they mistakenly think it is associated with the use of cryptocurrencies like Bitcoin. In reality, consumers can protect themselves just as well by using any third-party payment service at checkout.
DATA FRAGMENTATION REDUCES RISK
Data fragmentation is also a strong defense against e-skimming. By saving their debit or credit card information in a third-party payment account, consumers are able to make purchases digitally by using those accounts without providing any card numbers, card verification value (CVV) codes or other personal information at the point of sale.
Of course, as with anything else in digital security, there is no magic bullet. The key takeaway from all of this is that fragmenting the transaction, so that only the minimum amount of data necessary to complete the sale is passed at the point of sale, is an important part of reducing e-skimming and other methods of third-party fraud finding their way into your site transactions.
Consumer security experts have stated many times that the best way to prevent fraud of this kind is to educate consumers and merchants to help inoculate both legal parties to each transaction by making all aware that these scams exist, and to inform everyone of the benefits in utilizing tokenization methods at the point of sale.
ENABLE RAPID RESPONSE WHEN SITUATIONS ARISE
The ability to quickly detect fraud and to remedy it is essential as well. This is where experienced and properly credentialed payment processing experts can make the biggest difference for merchants, drawing upon years of experience and technological innovation. Payment processors seeking to secure their transactions must offer counter-fraud methods and deploy rapid response to instances of potential vulnerability, while remaining vigilant in ongoing efforts to ensure a fair, functional and frictionless path for consumers and merchants to reach mutual satisfaction on each transaction.
Jonathan Corona has 15 years of experience in the electronic payments industry. As MobiusPay’s EVP, Corona is primarily responsible for day-today operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., EU and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.