opinion

Thwarting E-skimming: Tokenization, Data Fragmentation & Beyond

Thwarting E-skimming: Tokenization, Data Fragmentation & Beyond

As consumer spending evolves from offline, in-person transactions to an ever-growing number of digital purchases made online, the levels of fraud follow those spending patterns and preventing or mitigating e-skimming attempts by criminals, becomes an increasingly important part of the process.

OFFLINE CARD SKIMMING IS NOTHING NEW

The simplest answer to defending against e-skimming is tokenization.

In the past, we’ve spoken with clients many times about the notion that consumers have, on occasion, suffered from card skimmers that were able to steal their debit or credit card data by affixing an illegal third-party physical device to an ATM, self-serve gas station pumps or another DIY card-reading apparatus.

Many mistakenly believed that the shift toward digital transactions in the wake of a global pandemic would alleviate these sorts of problems. In fact, shoppers are using digital transactions much more often, as recent surveys have shown 25% percent of customers plan to use cash even less often than they had before the pandemic started.

E-SKIMMING IS BECOMING A SERIOUS PROBLEM

Fraudsters have adapted their scams to continue waging their illegal campaigns, with criminals now deploying e-skimming techniques by injecting malicious code into merchant websites and hijacking the transaction process to steal card data and other personal information during online order checkout. What makes these schemes even more insidious is that the merchant and the consumer often have no way of knowing the scam occurred.

That leaves open the real possibility that a third-party scammer may become able to defraud your customers and give the false impression that you were the cause of the malfeasance or were somehow complicit in their crimes, when they attempt to cash in on their stolen information weeks or months after a legal transaction took place on your site. Regardless of how many precautions you put in place, consumers view any scam that takes place as part of an interaction with your site, as sufficient reason to not return to your site.

For that reason, it is imperative that merchants safeguard their customers’ online transactions in ways that actually do prevent fraud. And the size of the risk is massive: just one recent e skimming attack that exploited a weakness in Adobe software caused widespread damage by compromising more than 2,000 popular e-commerce sites, affecting tens of thousands of consumers potentially.

TOKENIZATION HELPS SHIELD TRANSACTIONS

The simplest answer to defending against e-skimming is tokenization. This process allows shoppers using digital wallets to provide merchants with a single use identifier code that instantly verifies transactions. This method prevents fraudsters from obtaining or using any customer credentials, because none of that sensitive information is passed through at the point of sale during the transaction. When some hear of tokenization, they mistakenly think it is associated with the use of cryptocurrencies like Bitcoin. In reality, consumers can protect themselves just as well by using any third-party payment service at checkout.

DATA FRAGMENTATION REDUCES RISK

Data fragmentation is also a strong defense against e-skimming. By saving their debit or credit card information in a third-party payment account, consumers are able to make purchases digitally by using those accounts without providing any card numbers, card verification value (CVV) codes or other personal information at the point of sale.

Of course, as with anything else in digital security, there is no magic bullet. The key takeaway from all of this is that fragmenting the transaction, so that only the minimum amount of data necessary to complete the sale is passed at the point of sale, is an important part of reducing e-skimming and other methods of third-party fraud finding their way into your site transactions.

Consumer security experts have stated many times that the best way to prevent fraud of this kind is to educate consumers and merchants to help inoculate both legal parties to each transaction by making all aware that these scams exist, and to inform everyone of the benefits in utilizing tokenization methods at the point of sale.

ENABLE RAPID RESPONSE WHEN SITUATIONS ARISE

The ability to quickly detect fraud and to remedy it is essential as well. This is where experienced and properly credentialed payment processing experts can make the biggest difference for merchants, drawing upon years of experience and technological innovation. Payment processors seeking to secure their transactions must offer counter-fraud methods and deploy rapid response to instances of potential vulnerability, while remaining vigilant in ongoing efforts to ensure a fair, functional and frictionless path for consumers and merchants to reach mutual satisfaction on each transaction.

Jonathan Corona has 15 years of experience in the electronic payments industry. As MobiusPay’s EVP, Corona is primarily responsible for day-today operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., EU and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Reba Rocket

As chief operating officer and chief marketing officer of Takedown Piracy, long at the forefront of intellectual property protection in adult entertainment, Rocket is dedicated to safeguarding the livelihoods of content creators and producers while fostering a more ethical and sustainable industry.

Women In Adult ·
opinion

Protecting Content Ownership Rights When Using AI

In today’s digital age, content producers have more tools at their disposal than ever before. Among these tools, artificial intelligence (AI) content generation has emerged as a game changer, enabling creators to produce high-quality content quickly and efficiently.

Corey D. Silverstein ·
opinion

How Payment Orchestration Can Help Your Business

An emerging payment solution is making waves in the merchant world: the payment orchestration platform (POP). It’s quickly gaining traction as a powerful tool for managing online payments — but questions abound.

Cathy Beardsley ·
opinion

Fine-Tuning Refund and Cancellation Policies

For adult websites, managing refunds and cancellations isn’t just about customer service. It’s a crucial factor in maintaining compliance with the regulations of payment processors and payment networks such as Visa and Mastercard.

Jonathan Corona ·
profile

WIA Profile: Laurel Bencomo

Born in Cambridge, England but raised in Spain, Laurel Bencomo initially chose to study business at the University of Barcelona simply because it felt familiar — both of her parents are entrepreneurs. She went on to earn a master’s degree in sales and marketing management at the EADA Business School, while working in events for a group of restaurants in Barcelona.

Women In Adult ·
profile

Gregory Dorcel on Building Upon His Brand's Signature Legacy

“Whether reflected in the storyline or the cast or even the locations, the entertainment we deliver is based on fantasy,” he elaborates. “Our business is not, and never has been, reality. People who are buying our content aren’t expecting reality, or direct contact with stars like you can have with OnlyFans,” he says.

Jeff Dana ·
opinion

How to Turn Card Brand Compliance Into Effective Marketing

In the adult sector, compliance is often treated as a gauntlet of mandatory checkboxes. While it’s true that those boxes need to be ticked and regulations must be followed, sites that view compliance strictly as a chore risk missing out on a bigger opportunity.

Jonathan Corona ·
opinion

A Look at the Latest AI Tools for Online Safety

One of the defining challenges for adult businesses is helping to combat the proliferation of illegal or nonconsensual content, as well as preventing minors from accessing inappropriate or harmful material — all the more so because companies or sites unable or unwilling to do so may expose themselves to significant penalties and put their users at risk.

Gavin Worrall ·
opinion

Know When to Drop Domains You Don't Need

Do you own too many domains? If so, you’re not alone. Like other things we accumulate, every registered domain means something to us. Sometimes a domain represents a dream project we have always wanted to do but have never quite gotten around to.

Juicy Jay ·
opinion

Understanding 'Indemnification' in Business Contracts

Clients frequently tell me that they didn’t understand — or sometimes, even read — certain portions of a contract because those sections appeared to be just “standard legalese.” They are referring, of course, to the specialized language used in legal documents, including contracts.

Corey D. Silverstein ·
Show More