What is Online Skimming and How to Avoid It

Card skimming, implemented through card reading slips on ATM machines, is familiar to many. Nowadays this type of credit card fraud is also appearing on the web. Of course, it is improved and adapted according to its new ‘habitat’. But the crux of the matter remains the same: the theft of credit card information for its use in criminal undertakings.

On the web, harmful Javascript code effectively replaces the skimmers on the card slots. In order to introduce this code onto the servers of internet shops (it is precisely online stores that turn out to be the most frequent victims of these frauds), hackers exploit vulnerabilities which exist in the websites’ software. After the installation, the spyware reads the data from the credit cards input by clients while making purchases. The information of every credit card payment conducted in the shop is thereby intercepted and sent off to a server under the assailant’s control. After that the thief is able to either sell the card number (on the black market the average price of one “lot” ranges around ten dollars) or use the other person’s credit card himself.

All the while protected HTTPS-connection won’t help to protect the data: since the malware is installed on the shop’s server, information leakage takes place even before the process of encryption. Often a break-in will leave no trace not only for the customer, whose data was abducted but even for the owners of the merchant websites.

Online skimming at first attracted serious attention to itself at the end of 2015, when researchers found over 3000 internet shops which were “pouring out” client cards’ information. For most of the identified websites, the skimming code worked over the span of a few months, and in certain places even more than half of a year. You don’t even want to imagine how many credit card numbers were compromised during this period.

Since then a year has passed. What are the results? Now the number of merchant sites with online skimming has increased significantly.

One of the factors which impact the increase of infected stores was that hackers learned to skillfully mask the harmful code, making its detection quite difficult. If a year ago just one type of online skimmer with a few modifications in the code was generally used, then today nine types of JS-scripts related to three different families are revealed.

However, the main reason for the spread of online skimming is that the managers of internet stores are not quite concerned to eliminate it. After the detection of the problem, the owners of the resources were at once informed by researchers about vulnerabilities that the data protection systems on their websites had. Unfortunately, the overwhelming majority didn’t react to that with due attention. Some simply did not respond to the warnings of specialists, some doubted the presence of spyware on their sites, claiming their data protection systems to be all in order.

Meanwhile, there are certain means allowing not only to escape these harmful “additions” but moreover to prevent reinstallation. This is a special software for scanning websites for the presence of vulnerabilities and changes in code able to exercise daily monitoring and report arising problems.

Insofar as the store owners are clearly not aware of serious problems, it is worthwhile for potential customers to take individual care of the protection of their data and their funds.

In order to do that:

  • Check the domain of the specific store before making a purchase in it in reference to the list of compromised stores (for example, such lists can be found on the site MageReports.com)
  • It is better to use large, tested internet shops, where there is at least some sort of expectation that online skimming and phishing (yet another modern day online disease) are tracked and intersected by information security specialists.
  • It is preferable to have a separate card for online purchases, where funds are credited only in the amount necessary for the acquisition of goods.
  • It is worthwhile to verify each bank operation (best with a one-time password, two-factor authentication).

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Author: Morgan

Share This Post On


  1. This blog was… how do I say it? Relevant!! Finally I’ve found something that helped me. Thank you!

    Post a Reply
  2. Good day! This is my 1st comment here so I just wanted to give a quick shout out and tell you I genuinely enjoy reading your articles. Can you suggest any other blogs/websites/forums that cover the same topics? Thanks a lot!

    Post a Reply
    • Michael, thank you for the feedback. We appreciate it much. Look at the ThreatPost, the Security Ledger, the DarkReading, and ZDNet. Besides, there are nice cybersecurity blogs by Brian Krebs, Graham Cluley, and Bruce Schneier.

      Post a Reply
  3. It’s an awesome post in support of all the web visitors; they will take benefit from it I am sure.

    Post a Reply
  4. Hello there! I could have sworn I’ve been to this blog before but after looking at some of the posts I realized it’s new to me. Anyhow, I’m definitely delighted I came across it and I’ll be bookmarking it and checking back frequently!

    Post a Reply
  5. Excellent post! We will be linking to this great article on our site. Keep up the great writing.

    Post a Reply
  6. Very nice write-up. I absolutely love this site. Keep writing!

    Post a Reply
  7. whoah this blog is great i like reading your posts. Stay up the good work! You understand, many people are searching around for this information, you could aid them greatly.

    Post a Reply
  8. Very nice article, exactly what I wanted to find.

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from Protectimus blog.

You have successfully subscribed!

Share This