Home E-skimmers a threat to revenue?

E-skimmers a threat to revenue?

Nov 29—You’re likely looking forward to helping your customers enjoy this holiday season, especially after a turbulent year. The good news is that your supplies have arrived. But, as holiday shopping gets into full swing, could your business see e-skimming exploits?

What is e-skimming?

In e-skimming, cyber criminals leverage a vulnerability on your checkout page. A malicious code is deployed that diverts payments away from your store, stealing customer data and potentially rerouting funds to hidden bank accounts. Hackers can gain access to credit card numbers, birthdates, ages, location, home addresses and more.

E-skimmers operate similarly to traditional gasoline pump skimmers, which you’ve likely encountered in the past. A major difference is that e-skimmers are invisible and provide hackers with data that’s more valuable than what could be gleaned through traditional skimming tactics.

Recent attacks

The Magecart hacking group is known for its use of e-skimming attacks. Last week, experts warned that more than 4,000 online retailers may have been compromised in Magecart attacks. The majority of victimized groups were compromised via a known vulnerability in the Magento e-commerce platform. Magecart hackers typically either list the stolen data on the dark web or use it to make purchases.

Smaller online retailers are most likely to encounter e-skimming technologies, but larger groups –from airlines to restaurants- could see e-skimming threats too. The National Cyber Security Center in the UK urges enterprises to remain aware of the latest threats and to update software as needed in order to avoid damage.

Avoiding e-skimming

Your enterprise can avoid e-skimming technologies. Here’s how:

  • Regularly update payment software
  • When payment software providers offer patches, install them
  • Conduct code integrity checks
  • Ensure that anti-virus software is updated
  • Analyze and monitor weblogs
  • Maintain a strong incident response plan
  • Increase overall website security

In summary

During this high-volume shopping window, retailers must ensure that sites are not exploited via opportunistic hackers. Experiencing cyber crime could lead to reputational damage, reduced consumer trust, fewer profits and other negative consequences.

For more information about retail security, see Cyber Talk’s past coverage here and here. Interested in more news, analysis and expert insights? Sign up for the Cyber Talk newsletter here.