A cyberattack known as e-skimming is getting more common with the rise of online shopping
Skimmers, or hidden devices designed to steal credit card information, have long been a threat for consumers at the gas pump or ATM. Now, skimming has gone high tech.
Deepak Patel, security evangelist at PerimeterX, provided the following perspective:
“With Magecart, attackers have found an easy way to skim users’ credit card data complete with names, addresses, zip codes and CVV numbers. Hackers have always compromised web servers even as enterprises have shored up their defenses. Prior to Magecart, hackers could not directly monetize on the data since the data obtained from the website server infrastructure did not have payment information for most e-commerce sites. Given the lack of visibility for website owners to these client-side attacks, it takes days, weeks or sometimes even months before the discovery of the data breach. Magecart attackers are sophisticated and use obfuscated code that directly skims user credit card data from the client (browser) to a site controlled by the attacker–completely bypassing the website infrastructure. Regulations like GDPR and CCPA are making sure that the website owner remains responsible for user data protection, which requires website owners to take a new approach to securing web applications from threats like Magecart.”