Digital skimming is one of the latest and most insidious cybercrime threats to e-commerce businesses. Cyberattackers steal users’ credit card information as they’re entering it into an online payment form.

If you’ve moved more of your business online in the past year and e-commerce with digital payments has become the way you’re doing business, digital skimming is a threat you really have to pay attention to.

What is digital skimming?

In a digital skimming scheme, criminals steal customer data through infected checkout pages. Hackers install malware from a variety of different entry points, including a common server or by gaining administrative access to an individual site, and then “skim,” or steal, personal and/or payment information the moment customers type it into the site.

Digital skimming, also known as “e-skimming” or “web skimming,” is far more sophisticated than the practice known simply as skimming, in which criminals install physical devices that can steal credit card information right from ATMs or gas pumps.

This new crime is done entirely online, and the malware that makes it possible is notoriously difficult to detect. Most digital skimming attacks incur serious financial and customer relations damages, making it a giant e-commerce security threat.

Is it different from magecart?

Magecart is another name for digital skimming. The moniker comes from a massive digital skimming attack identified in 2015, in which shoppers at thousands of online stores had their credit card information stolen.

E-commerce platform Magento was the target of that breach, and security experts coined the term “magecart” as a combination of Magento and “shopping cart.” Now, magecart is used generally to refer to any type of digital skimming attack where hackers steal personal information with malware via an online checkout page.

How do I protect my customers from digital skimming attacks?

Digital skimming is difficult to recognize, especially in small businesses, which do not usually consider themselves a focus of attacks like these. Big enterprise e-commerce sites are usually the targets because the attackers’ goal is to steal as many credit cards as quickly as possible without being detected. Even with their massive cybersecurity platforms in place, these companies are hacked.

Still, no business is immune from skimming, and there are important steps you can take to make sure customer payment info stays safe:

• Invest in security tools. This is the biggest and most important step you can take. A BullGuard study found 43% of small businesses don’t have any type of cybersecurity plan, and they almost always wind up paying the price. Invest in security tools, including both malware protection, which can spot when a digital skimmer has made their way onto your system, as well as vulnerability assessment tools, which will help you spot your weaknesses so they never have the chance.
• Always use strong authentication methods. Restrict administrative access to only the most necessary employees at your business. Your employees may not knowingly be letting in cybercriminals, but the more opportunities sophisticated hackers have to break into your site, the more they’ll take. Make sure that everyone who does have access has multi-factor authentication to get onto your site’s admin, and train your employees to be on the lookout for red flags like phishing emails that could be a hacker trying to gain access.
• Stay on top of your updates. Cybercriminals move alarmingly fast and constantly evolve as new protection methods emerge, which is why your security services typically offer frequent updates to their services. Install every single one of those updates and plug-ins as soon as they come through to ensure you always have the most up-to-date protection from the companies you trust to guard your data.
• Install an SSL certificate. This ensures that your customers’ data stays encrypted throughout the several routes it takes from their keyboards to your bank, making e-skimming much more difficult.
• Ask your third-party app what protection they’re taking. If you use a third-party payment app, they should also be working hard to make sure your customer data is safe. Many, including Stripe and Braintree, have protections in place that encrypt payment info at the time of checkout. But you should always check in to make sure they’re aware of and offering up-to-date protection from the most current threats.
• Encourage your customers to pay with credit cards rather than debit cards. Not only does a debit card not have the same legal protection as a credit card, but a compromised debit card can lead to losing all the funds in a bank account.

Online transactions create an element of vulnerability, so it’s important to take payment information security seriously—for the sake of your business and your customers. Taking the proper steps and being constantly on the lookout for threats is a solid way to keep your site running smoothly and securely.

Product features may have changed and are subject to change.