Online Shoppers Should be on the Lookout for eSkimmers, a Digital Version of Porch Pirates

Share Article

The Holiday season always brings an increase in the volume of online shoppers, subsequently bringing a new wave of hackers and fraudsters. eSkimmers, AKA a new, digital version of Porch Pirates, are lurking in online shopping carts, waiting to steal your card information and even re-route your packages. Monica Eaton-Cardone, fintech expert and COO of Chargebacks911, tells consumers how to protect themselves against eSkimming during the Holiday season.

An acclaimed entrepreneur, speaker and author, Monica Eaton-Cardone is widely recognized as a thought leader in the FinTech industry and a champion of women in technology.

Fintech expert Monica Eaton-Cardone warns consumers of eSkimming; the new, digital version of porch pirates.

"Fraudsters have gone well beyond using skimming devices at ATMs and stealing boxes off porches."

In advance of the holiday shopping season, consumers throughout the United States are being warned of the prevalence of eSkimmers, a new breed of software hackers that infiltrate a shopping website and use malware to steal credit card or debit card information as the consumer enters it at point-of-sale. “At this time of the year, it’s more important than ever that consumers protect themselves against this threat,” said Monica Eaton-Cardone, a nationally known expert in risk reduction, revenue retention and merchant mediation. “Fraudsters have gone well beyond using skimming devices at ATMs and stealing boxes off porches. They’ve graduated to sophisticated methods to skim code on e-commerce web pages and capture information such as your name, date of birth, account numbers, passwords and more.”.

Experts warn that unlike other, cruder versions of cyber-crime, eSkimming is all but undetectable at the time that it occurs. To the end user, it appears that the transaction has completed without incident, and he or she has no way of knowing the extent of the theft, which involves not the loss of merchandise--as is the case when a “Porch Pirate” steals a box from a front porch--but of information, which is much more valuable. In most cases the consumer will even receive the product they ordered. Experts say the stealth nature of the theft is evidence of a deep familiarity with the payment processes of the sites that are hacked.

Companies that have reported the appearance of malicious payment codes of the type used in a common form of eSkimming include the online store for the National Baseball Hall of Fame, British Airways and Ticketmaster. Additionally, security was breached at some 6,500 online stores via code that researchers named “Magecart Attack,” which, when embedded in a web page, scans for numbers and letters entered into fields on the page by the consumer. This includes credit card numbers, security codes, expiration dates and other pieces of personal information.

According to the FBI, which investigates reports of eSkimming and other cyber-crime, most eSkimming operations are based in Eastern Europe. Some operators sell the personal data on the dark web, while others use the information to fraudulently purchase and then sell merchandise at a profit. In most cases the deception isn’t detected until well after the fact, making remediation more difficult.

While the FBI recommends that companies take steps to prevent e-Skimming--such as updating and patching all systems with the latest security, including anti-virus/anti-malware software to keep firewalls strong--consumers must be vigilant as well.

“There are a number of steps consumers can and should take to protect themselves,” Eaton-Cardone said, beyond using secure passwords and never clicking on links in emails sent by unknown sources. These include not using a debit card to make online purchases, shopping on well-known, reputable sites, using two-factor identification on all devices and using single-use or “virtual” credit cards.

“The most critical action consumers must take is to monitor their credit card and bank statements frequently and very closely for any strange purchases or activity,” said Eaton-Cardone. “And if they find anything they don’t recognize they should immediately contact the vendor.”

Easton-Cardone also recommends that consumers activate transaction alerts on all credit cards as a way to catch fraudulent activity early.

About Monica Eaton-Cardone:
An acclaimed entrepreneur, speaker and author, Monica Eaton-Cardone is widely recognized as a thought leader in the FinTech industry and a champion of women in technology. She established her entrepreneurial credentials upon selling her first business at the age of 19. When a subsequent eCommerce venture was plagued by revenue-leeching chargebacks and fraud, Eaton-Cardone rose to the challenge by developing a robust solution that combined human insight and Agile technology. Today, her innovations are used by thousands of companies worldwide, cementing her reputation as one of the payment industry’s foremost experts in risk management, chargeback mitigation and fraud prevention. As CIO of Global Risk Technologies and COO of Chargebacks911, Eaton-Cardone leverages her global platform to educate merchants on best practices in fraud prevention and to spotlight the competitive and economic advantages women can bring to the technology workforce. Her nonprofit organization, Get Paid for Grades, invests in students to inspire a new generation of innovators. Get to know Eaton-Cardone at

1. “Inside the Magecart Breach of British Airways: how 22 Lines of Code Claimed 380,000 Victims,”, September 11, 2018
2. “Security breach: Major social platform hacked,”, May 29, 2019
3. “Building a Digital Defense Against e-skimming,” FBI Portland, October 22, 2019

Share article on social media or email:

View article via:

Pdf Print

Contact Author

KJ Helms
Email >
Follow >
Visit website