the staff of the Ridgewood blog
Ridgewood NJ, Card skimming incidents have surged by 40% from 2022 to 2023, with New Jersey emerging as one of the top five states contributing to nearly half of all card compromise reports (CCRs). This alarming trend is expected to continue in 2024, providing more opportunities for threat actors to capture and steal customer data and financial information through various physical and digital methods.
The Growing Threat of Card Skimming
Card skimming involves using devices to steal information from credit or debit cards during transactions. These devices are typically installed at ATMs and point-of-sale (POS) systems in places like convenience stores, grocery stores, retail outlets, gas stations, and restaurants. In addition to skimmers, hidden cameras and fake keypads can record PINs and passwords, exacerbating the threat. Modern skimmers utilize cellular and Bluetooth technology, allowing threat actors to access stolen data remotely and with low detection risk.
Recent Skimming Incidents in New Jersey
Since the start of 2024, numerous physical skimmers have been reported across New Jersey, including:
- ATMs at Capital One Bank and Proponent Bank in Nutley
- ATMs at Wawa in Galloway Township
- Card readers at Dollar Tree and Walmart in Bayonne, and 7-Eleven in Cinnaminson and Pennsauken
- Supremo Food Market in Pennsauken
- Aldi Stores in Roselle and Union
Additionally, law enforcement charged a Lakehurst gas station employee with stealing customer information and making fraudulent purchases. Two men were arrested for placing skimming devices on several Westfield ATMs to steal debit card information and use counterfeit cards for fraudulent cash withdrawals.
Digital Skimming: The Online Threat
The digital counterpart to physical skimming is web skimming or Magecart attacks. These attacks target POS systems in online stores, restaurants, financial institutions, and other online businesses. Magecart attackers inject malicious code into checkout pages to steal payment card data. Recent notable incidents include:
- Magento Servers: In February, threat actors exploited CVE-2024-20720, inserting malicious XML code into the “layout_update” database table to create a backdoor and inject malware.
- Fake Facebook Pixel Tracker: In April, a card skimmer was found embedded in a fake tracker script, capturing card information during the checkout process.
- WordPress Vulnerability: In May, threat actors exploited a vulnerability in the Dessky Snippets plugin, manipulating the WooCommerce checkout process to steal financial information.
Consumer Recommendations
To protect against card skimming, consumers should:
- Prefer Credit Cards: Use credit cards over debit cards for better fraud protection.
- Enable Transaction Notifications: Set up alerts for every transaction to quickly detect fraudulent activities.
- Inspect POS Systems and ATMs: Check for signs of tampering before using them.
- Use Contactless Payments: Tap to pay or use phone-based payments, which are safer than swiping the card’s magnetic strip.
- Shop on Secure Websites: Navigate directly to known, secure, and encrypted websites.
- Enable MFA: Use multi-factor authentication on all accounts, including online shopping sites.
- Keep Browsers Updated: Use ad blockers and regularly update browsers to enhance security.
By staying vigilant and adopting these protective measures, consumers can significantly reduce the risk of falling victim to card skimming scams. Stay informed and secure to combat this growing threat.
