Skimming in Cybersecurity


In cybersecurity, what is skimming? Skimming is a term used in cybersecurity to describe how attackers capture and steal cardholders’ personal payment information. To get card data, identity fraudsters employ a variety of methods. One of the most advanced approaches is to use a small skimming device to read the microchip or magnetic strip information on a credit card. Criminals can carry out skimming attacks whenever a cardholder uses an electronic payment method at a physical location.

Methods of digital skimming are also widely used. Digital skimming, often known as e-skimming, is comparable to card skimming. The primary distinction is that e-skimming may be done remotely and card information can be collected in real time.

Why should you be concerned?

Unique malicious objects rose by 13.7 percent in 2019, according to the Kaspersky Security Bulletin Statistics of the Year Report. Web skimmer files accounted for a substantial portion of the increase, rising by 187 percent to 510,000. Web skimmers also ranked tenth among the top twenty malicious objects detected online.

Most countries implemented lockdowns in response to the COVID-19 outbreak in order to prevent the virus from spreading. Online shopping, and with it credit card theft, skyrocketed as a result. In March 2020, Malwarebytes observed a 26% rise in credit card skimming compared to the previous month. Online skimming blocks had risen only slightly, by 2.5 percent, from January to February before the 26 percent surge in March, and Malwarebytes believes the trend will continue rising in the following years.

Credit card skimming is responsible for 30% of all data breaches aimed at retailers. Credit card skimming is blamed for over a third of retail data breaches, demonstrating how ubiquitous the practise is. The problem is made worse by the fact that at least 60% of websites do not use HTTPS encryption, leaving credit card information vulnerable to e-skimmers. It’s also worth noting that 87 percent of recorded credit card skimmer hacks target self-service businesses like gas stations.

What is skimming in cybersecurity? – The 4 types

Credit card skimming

Skimming of debit and credit cards takes several forms. These are some of them:

Hand-held point of sale skimming

As with other kinds of attack, insider threats are the most common in skimming operations. An insider, such as a waiter or store employee, uses a hand-held skimming device to copy credit card details. The approach is typically used at retail establishments. To collect the information encoded on the magnetic stripe, an attacker merely needs to swipe the credit card through a skimming device. The data can be downloaded later and used for nefarious purposes. Because skimming devices are small, attackers can easily conceal them, which makes hand-held POS skimming prevalent.

POS swaps

In the field of cybersecurity, POS swaps are a common skimming technique. In this method, fraudsters replace a secure POS device with one whose security features have been compromised. A POS swap attack, also known as POS device tampering, happens when adversaries tamper with a POS and PIN entry device. Cybercriminals typically take devices from certain stores and manipulate them by infecting them with malware or embedding a small skimming device in terminal software. The fraudsters then return the compromised devices and wait for the skimming devices to copy and capture card data from all customer transactions. The fraudsters return at a later date to replace the skimming devices and collect the duplicated card information.

Self-service skimming

Self-service skimming attacks are carried out against self-service terminals such as ATMs, gas pumps, and other similar terminals. To get easy access to service terminals and install a skimming device, cyber attackers commonly act as technicians. The gadgets are hidden inside the enclosures of the terminals so that they cannot be detected from the outside.

The attackers attach the devices directly to the card readers and keypads of the service terminals, so that when a user swipes a card, all card data and PINs are copied. Some criminals employ complex skimming devices to send the copied information to a computer hidden nearby using wireless technologies such as Bluetooth. Other fraudsters improve their methods by strategically placing pinhole-sized cameras to capture PIN information as soon as a customer inputs it. With card data and PIN details, criminals can compromise credit cards and exploit them for malicious purposes.

Dummy ATMs

Although they are less widespread today than they were in the past, dummy ATMs remain a serious threat. Dummy ATMs look like real entry-level and smaller ATMs, but they don’t dispense cash. They’re commonly acquired online. Criminals use dummy ATMs for the express aim of acquiring card PINs and data, and set them up in high-traffic areas to deceive more customers into inserting their cards.


E-skimming, a new skimming issue in cybersecurity, was recently found by security researchers. Unlike conventional skimming, which requires attackers to install skimming devices in real POS systems and then collect the duplicated data, e-skimming can be done remotely. The distinction allows e-skimmers to carry out the attack from anywhere on the planet.

When a cybercriminal injects malicious software into a retailer’s website and exploits it to steal credentials, this is known as e-skimming. Because it does not entail interfering with a physical facility, it is more difficult to detect. Customers may believe they are using their debit or credit cards to check out, but hackers are deploying malicious software to steal payment information in real time. Attackers either utilise the stolen data for malicious purposes or sell it to a large number of criminals on the dark web. An e-skimming plan can only be discovered through examination by the website owner.

Several hacker organisations frequently collaborate on devising tactics for targeting vulnerable websites in an e-skimming campaign. Hackers can compromise the security of a website by breaking into its web server or a web server that supports several websites. After that, the attackers inject malicious skimmer code into websites with exploitable flaws.

All e-skimming attacks use a malicious script known as Magecart, which is why the assaults are called Magecart attacks. Hackers typically use compromised accounts to introduce the Magecart script, taking over administrative access or using phishing methods. Furthermore, attackers can compromise third-party vendors and hide skimming code in the JavaScript that a website loads from them. Compromised third-party vendors give hackers fast access to thousands of victims. The Magecart skimming script collects user account and credit card information and sends it to a specified server.
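One way a site owner can carry out the examination described above, as an added example that is not part of the original article: this Node.js script lists the scripts on a checkout page and flags those loaded from hosts outside an owner-maintained allowlist, allowed third-party scripts that lack a Subresource Integrity attribute, and inline scripts that reference unlisted destinations. The hostnames, the allowlist and the sample HTML are constructed for illustration.

```javascript
// Added example: audit the scripts on a checkout page against an allowlist.
// All hostnames and the sample HTML are constructed for illustration.
const PAGE_ORIGIN = 'https://shop.example';
const ALLOWED_HOSTS = new Set(['shop.example', 'cdn.payments.example']);

const SAMPLE_CHECKOUT_HTML = `
<script src="/js/cart.js"></script>
<script src="https://cdn.payments.example/v3/pay.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn.payments.example/v3/extras.js"></script>
<script src="https://cdn.widgets.example/chat.js"></script>
<script>var endpoint = "https://stats-collect.example/c"; /* unlisted destination */</script>
`;

// Resolve a URL (absolute or relative to the page) to its hostname.
function hostOf(url, base) {
  try { return new URL(url, base).hostname; } catch { return null; }
}

// Returns one finding per script the site owner should review.
// Regex tag matching is a simplification; a production audit would use an HTML parser.
function auditScripts(html, pageOrigin, allowedHosts) {
  const findings = [];
  const pageHost = hostOf(pageOrigin);
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const src = (attrs.match(/\bsrc\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (src) {
      const host = hostOf(src, pageOrigin);
      if (!host || !allowedHosts.has(host)) {
        findings.push({ type: 'unlisted-script-host', detail: src });
      } else if (host !== pageHost && !/\bintegrity\s*=/i.test(attrs)) {
        // Allowed vendor, but nothing pins the file's contents (no SRI hash).
        findings.push({ type: 'third-party-without-sri', detail: src });
      }
      continue;
    }
    // Inline script: flag any URL it references on a host outside the allowlist.
    for (const [url] of body.matchAll(/https?:\/\/[^\s"'`)<>]+/gi)) {
      const host = hostOf(url);
      if (!host || !allowedHosts.has(host)) {
        findings.push({ type: 'inline-unlisted-destination', detail: url });
      }
    }
  }
  return findings;
}

auditScripts(SAMPLE_CHECKOUT_HTML, PAGE_ORIGIN, ALLOWED_HOSTS)
  .forEach((f) => console.log(`${f.type}: ${f.detail}`));
```

Running the audit on a schedule and comparing its findings with the previous run shows when a new script source or destination appears on a payment page.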

Recent e-skimming cases


In October 2019, a Magecart script assault hit Macy’s, a major department store chain in the United States. The business issued an official statement revealing that the malicious script had been placed on two pages of its official website: the checkout page and Credit card numbers, expiration dates, addresses, customer names, phone numbers, and card verification codes were all captured by the malicious code.


The Magecart malware script took out Puma’s Australian. The secret code stole the credit card credentials of all clients who used the website for online shopping during the checkout process, according to Willem de Groot, a security researcher. Credit card details, names, and client addresses were stolen and sent to a remote server in Ukraine.

British Airways

The same malware infected British Airways, resulting in the loss of more than 380,000 credit card numbers. The malicious code was introduced into the company’s global website, and it scraped various credit card data. Billing addresses, names, and bank account numbers were among the information stolen.

Identity theft and skimming

Rather than being a single act, identity theft frequently involves chipping away at a victim’s digital identity. Criminals can obtain hard-to-get digital information like login credentials, emails, bank accounts, and social security numbers by skimming in cybersecurity.

Because attackers often carry out separate operations using different methods and malware, card skimming breeds identity skimming. A successful skimming attack allows thieves to utilise credit card information maliciously before the owner or bank recognises the illegal activity. Although cardholders may be fortunate enough to receive a reimbursement of the monies that have been misused, the damage is usually irreversible.

Card skimming, for example, gives criminals access to encoded data such as the cardholder’s CVV number, country code, expiration date, card number, and full official names. Fraudsters can exploit the data for a variety of crimes or sell it on the dark web. Cybercriminals can utilise a skimmed card to gain a timestamp of all the cardholders’ activities and locations, in addition to doing nefarious acts. As a result, skimming jeopardises not only the security of the victims’ identities, but also their privacy.

Card skimming results in the theft of personal information. Cybercriminals frequently remove all funds before the owner notices, while others build clone cards and disperse them for use in calculated fraudulent actions. Fraudsters play the waiting game by making tiny, infrequent cash withdrawals or transactions to avoid discovery by cardholders or banks.

Skimmer rules recently enacted require victims to report skimmers within 24 hours of discovery, but law enforcement agencies will not divulge the locations of the skimmers. As a result, cardholders who want to avoid skimmer fraud risk becoming victims of identity theft. The most efficient strategy to avoid identity theft by skimming is therefore to keep a constant eye on card statements for any unusual or suspect card activity.

Who is at risk the most?

Skimming attacks are a threat to all e-commerce websites that do not have adequate security procedures. Hackers are always evolving and employing new attack strategies in order to achieve a greater success rate. Websites that do not have the most up-to-date security safeguards are exposed to skimming attacks.

According to a recent survey, one out of every five Magecart-infested stores becomes infected again within a few days following the initial infection. To avoid re-infection, it’s critical to clean infected systems and minimise or correct underlying vulnerabilities. Otherwise, re-infection may be a simple matter of shifting threats. Furthermore, unless regularly patched, open-source software like Magento is subject to skimming attempts.

Measures for curbing skimming in cybersecurity

Account monitoring

Cardholders must monitor their cards and bank accounts on a regular basis to spot suspicious activity. If they are the victims of an e-skimming campaign, consumers usually have a limited amount of time to dispute unauthorised payments. Stolen card credentials can be used or sold to other criminals, and reporting unusual card usage behaviour protects cardholders from being held liable for illicit card usage.

Prioritize low-limit cards

When making online purchases and transactions, cardholders should use low-limit credit cards. A low-limit card allows you to limit the maximum amount you can charge on your credit card. If a hacker pulls off a successful e-skimming attack, a low-limit card reduces the amount of damage a criminal can do with the stolen card. As a result, based on card activity, determining whether credit card information has been hacked is simple.

Pre-plan online shopping

It is a good idea for a consumer to plan ahead of time what they want to buy and from which online stores. While pre-planning helps consumers stick to their buying budgets, it’s also important for users to avoid being enticed into accessing several internet accounts. Making purchases from various online stores spreads your credit card information from one website to the next, increasing your chances of being a victim of an e-skimmer. The chance of a consumer being a victim of an e-skimmer is reduced when the number of online shopping sites used is limited.

Shop from trusted websites

The more likely an online merchant is to have adopted sophisticated security mechanisms to secure card information, the more trustworthy the retailer is. Customers should also only shop on safe websites. Secure websites use SSL certificates, which encrypt data sent between a client and a server. Card information is protected against e-skimming methods on websites that use security encryption.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, she was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.