The ABC 7 I-Team shows how this can happen without you knowing, and shows you how easy it is for this to happen and what's being done to stop it.
You may think of credit and debit card skimming at a gas pump, but it's also happening as you're checking out of your online shopping cart. Everything seems fine, then, days later you may see unexplained, mysterious charges on your credit or debit card.
The FBI said $1.8 billion was lost to online skimming and similar online thefts last year.
"In 2020, it has been reported as the highest monetary loss among all the different crimes that are reported to the FBI," Special Agent Jay Patel told the I-Team.
Virtual skimming is increasing as more people are shopping online during the pandemic.
Patel said the thieves are being brought to justice with 200 arrests worldwide in the last few years.
"So, one of the recent cases that we've had, 'Fin Seven,' these are three criminals that were in Eastern Europe. Right from there, they targeted thousands of different businesses in the U.S. and stole millions of credit card information, and they didn't have to travel to the U.S. to do that," Patel added.
Matt McGuirk, a cybersecurity expert at Source Defense, created a fake online vendor to show the I- Team how hackers steal your information as you shop.
"Silently in the background, my information has been stolen. This problem exists on virtually every website on the internet," McGuirk said.
The company's new study said this type of attack happens every 39 seconds.
"So when I click "Proceed to Checkout" here, we'll see the normal checkout process in the background. In the foreground, we see this black and green box, which is the attack that is just sprung into action. Now in reality, these attacks are always silent, the visitor sees nothing. But so we can, kind of, illustrate what the attacker is doing. We're giving you the side by side view'," McGuirk demonstrated.
Experts said the online merchants need to invest more in security on the "payment portions" of their websites.
What responsibilities do these companies have to protect their websites?
Patel said, "With any retailer, there's some responsibility on their end to ensure that they're providing a secure solution. However, because the way the technology changes, It becomes somewhat difficult for each one of these companies to focus solely on the security of that form that they have."
What can people do to stop it?
"Unfortunately, the average consumer has very few options," McGuirk said. "However, it could be as a practice for consumers online, particularly in this case, to use virtual card numbers, if your bank provides the ability to generate a one-time credit card number -- lots of different banks do that now. So, if that credit card number is stolen, it's just that one time."
You can also dedicate only one credit card for online shopping to better keep track of your transactions.
The FBI said you should use a credit card instead of a debit card when shopping online. It is easier to dispute fraud charges so you won't have to fight to get your cash back from your checking account. You should also set up text alerts on your accounts so you can detect fraudulent activity immediately.