A new form of cybercrime is targeting online shoppers, with criminals using digital skimming techniques to steal personal and financial data.
This modern variant of card skimming, also known as e-skimming or web skimming, is evolving rapidly, and it’s proving difficult to detect.
Go deeper with GlobalData
What is digital skimming?
Digital skimming involves hackers infiltrating online stores with malicious code designed to capture consumers’ payment details. Unlike traditional card skimming, which relies on physical devices attached to point-of-sale machines, digital skimming is carried out over the internet.
By embedding malware into e-commerce websites, criminals can harvest payment information from unsuspecting customers.
This technique is more sophisticated and can affect a larger number of victims simultaneously, making it harder for businesses to detect. In one instance, 380,000 passengers had their personal data stolen over just two weeks from an airline website.
A separate attack on a concert ticket platform affected 9 million customers in a mere two months.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThe growing scale of digital skimming
The prevalence of digital skimming is on the rise. In 2022, nearly three-quarters of all publicly reported data breaches were attributed to this method. Mastercard’s figures show a dramatic 129% increase in the number of infected websites between 2021 and 2022.
FBI (Federal Bureau of Investigation), America’s national police agency, estimates that such crimes cost cardholders and banks over $1 billion annually.
Digital skimmers primarily target sensitive payment information, including credit card numbers, expiration dates, and CVC codes, as well as personal data like names, addresses, and phone numbers.
Once the data is captured, it’s typically sold on the black market, where fraudsters use it for unauthorized transactions. The FBI reports that nearly 417,000 cases of identity theft in the U.S. in 2023 were linked to digital skimming.
How consumers can protect themselves
Consumers need to stay vigilant when shopping online to avoid falling victim to digital skimming. Look out for warning signs such as suspicious pop-ups, strange ads, or poor website design, which could signal a compromised site. Always check that websites are secure before entering payment information, and be cautious of any unexpected charges on bank statements.
To bolster online safety, consider using a dedicated card for online purchases and enable transaction alerts. Employ strong, unique passwords for all accounts, and use a trusted VPN when connecting to public Wi-Fi networks.
Retailers should also prioritise robust security measures to defend against these threats.
Regular software updates, encrypting customer data, and thoroughly vetting third-party software can help businesses safeguard their websites from digital skimming attacks. Automated risk management tools powered by AI can further enhance security by identifying vulnerabilities in real-time.
As digital skimming becomes more common, both consumers and businesses must remain proactive to mitigate the risks of this growing threat.
