PCI Council & Retail ISAC Issue Magecart Warning

The PCI Security Standards Council and Retail and Hospitality ISAC have joined forces to highlight the growing threat of online skimming attacks, such as Magecart.

“These attacks infect e-commerce websites with malicious code, known as sniffers or JavaScript sniffers and are very difficult to detect,” an alert stated. “Once a website is infected, payment card information is ‘skimmed’ during a transaction without the merchant or consumer being aware that the information has been compromised.”

As the attacks either directly impact e-commerce websites or a third party’s software libraries, which merchants rely upon “these service providers may not be aware of the risk they create for their customers if they are not focused on security and the potential threats targeting them.”

Troy Leach, chief technology officer, PCI Security Standards Council, said: “We have heard from many of our stakeholders in the payment community that these types of attacks are a growing trend for many businesses, large and small. We felt, as a leader in payment security, now was the time to issue a bulletin with our friends and colleagues from the retail and hospitality sector who battle these threats daily.”  

The alert warned that any e-commerce implementation that does not have effective security controls in place is potentially vulnerable. “There are ways to prevent these difficult-to-detect attacks however,” said Leach. “A defense-in-depth approach with ongoing commitment to security, especially by third-party partners, will help guard against becoming a victim of this threat.” 

Carlos Kizzee, vice-president, intelligence at the Retail and Hospitality ISAC, added that these attack techniques are of increasing significance to the retail and hospitality industr ..

Support the originator by clicking the read the rest link below.