Skimming isn’t an unpopular phenomenon. It started as physical card skimming, and you might have seen it in the movies — a fraudster attaches a small device, known as a skimmer, to a card reader at a gas station, ATM, or any other point of sale terminal. The skimmer collects the credit card information of unsuspecting customers, and the fraudster recovers and uses that information and uses it to make purchases online.
But online skimming is different. They’re sometimes called Magecart attacks, a portmanteau of Magento — the Adobe-owned e-commerce platform that was the original target of fraudsters — and cart. Here’s how it works: instead of using physical hardware to steal payment card numbers, hackers place malicious Javascript code called sniffers on websites, and those sniffers lift credit card information from checkout pages or other sensitive forms.
Fraudsters could also add malicious fields to payment forms or create redirect links from which they can collect customers’ credit card info. Magecart skimmers typically put up the collected information for sale on the dark web, for as little as $5 (via PCMag).
So, back to the original question: how do you avoid online skimming scams?
