Many eCommerce sites are based on one of a few common platforms such as Magento, WooCommerce, WordPress and Shopify. Cybercriminals are taking advantage of weaknesses in these systems and installing skimmer malware on unpatched versions of these platforms.
The skimmer software will read your credit card and other sensitive information as it’s being processed by the eCommerce site and pass it along to a command-and-control server under the control of the criminal.
Researchers at Akamai observed some of these compromised eCommerce sites have hundreds of thousands of visitors per month leading to the potential loss of information for tens of thousands of their customers. The researchers also found many of the compromised sites didn’t learn of the situation for more than a month after the initial compromise.
How to protect yourself
Hope the eCommerce site you are on has protected their admin accounts appropriately and applied the most recent security updates for their Content Management System and any plugins it uses.
Since “hope” isn’t a great security strategy, you can take the following precautions.
Use an electronic payment method such as PayPal.
Utilize virtual credit cards.
Use credit cards with low charge limits.
Definition
Virtual credit card - A unique credit card number generated for a single transaction or a limited period of time. It can be used for online purchases or transactions where the user wants to keep their actual credit card number secure. Virtual credit cards typically have a lower credit limit than the user's actual credit card and can be easily generated and canceled as needed.
Most major Credit Cards offer Virtual Card numbers as a free benefit.
Sources: Akamai, Wallethub, BleepingComputer
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.