{"id":1897,"date":"2016-12-07T16:39:32","date_gmt":"2016-12-07T13:39:32","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=1897"},"modified":"2019-06-06T13:05:57","modified_gmt":"2019-06-06T10:05:57","slug":"online-skimming","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/online-skimming\/","title":{"rendered":"What is Online Skimming and How to Avoid It"},"content":{"rendered":"<p><a href=\"https:\/\/www.protectimus.com\/blog\/the-most-common-ways-of-credit-card-fraud\/\">Card skimming<\/a>, carried out with card-reading devices attached to ATMs, is familiar to many. Nowadays this type of credit card fraud is also appearing on the web. Of course, it has been improved and adapted to its new \u2018habitat&#8217;. But the crux of the matter remains the same: the theft of credit card information for use in criminal undertakings.<\/p>\n<p>On the web, malicious JavaScript code effectively replaces the skimmers on the card slots. To plant this code on the servers of internet shops (online stores are the most frequent victims of this fraud), hackers exploit vulnerabilities in the websites\u2019 software. Once installed, the spyware reads the credit card data that customers enter while making purchases. The details of every credit card payment made in the shop are thereby intercepted and sent to a server under the attacker\u2019s control. After that, the thief can either sell the card number (on the black market the average price of one \u201clot\u201d is around ten dollars)&nbsp;or use the other person\u2019s credit card himself.<\/p>\n<p>A protected HTTPS connection won\u2019t help to protect the data either: since the malware is installed on the shop&#8217;s server, the information leaks even before it is encrypted. 
Often a break-in leaves no trace, not only for the customer whose data was stolen&nbsp;but even for the owners of the merchant websites.<\/p>\n<p>Online skimming first attracted serious attention at the end of 2015, when researchers found over 3000 internet shops that were &#8220;leaking\u201d customers\u2019 card information. On most of the identified websites the skimming code had been running for a few months, and in some cases for more than half a year. You don\u2019t even want to imagine how many credit card numbers were compromised during this period.<\/p>\n<p>Since then a year has passed. What are the results? The number of merchant sites with online skimming has now increased significantly.<\/p>\n<p>One factor behind the increase in infected stores is that hackers have learned to skillfully mask the malicious code, making it quite difficult to detect. Whereas a year ago just one type of online skimmer, with a few code modifications, was generally in use, today nine types of JS scripts belonging to three different families have been identified.<\/p>\n<p>However, the main reason for the spread of online skimming is that the managers of internet stores are not particularly concerned with eliminating it. Once the problem was detected, researchers immediately informed the owners of the affected sites about the vulnerabilities in their websites\u2019 data protection systems. Unfortunately, the overwhelming majority didn&#8217;t give this due attention. Some simply did not respond to the specialists\u2019 warnings; others doubted the presence of spyware on their sites, claiming that their data protection systems were all in order.<\/p>\n<p>Meanwhile, there are means not only to get rid of these harmful \u201cadditions\u201d but also to prevent their reinstallation. 
This is special software that scans websites for vulnerabilities and code changes, and can perform daily monitoring and report problems as they arise.<\/p>\n<p>Since the store owners are clearly not aware of the seriousness of the problem, it is worthwhile for potential customers to take care of protecting their data and funds themselves.<\/p>\n<p><strong>In order to do that:<\/strong><\/p>\n<ul>\n<li>Before making a purchase, check the store\u2019s domain against a list of compromised stores (such lists can be found, for example, on the site MageReports.com).<\/li>\n<li>It is better to use large, tested internet shops, where there is at least some expectation that online skimming and phishing (yet another modern-day online disease) are tracked and stopped by information security specialists.<\/li>\n<li>It is preferable to have a separate card for online purchases, to which funds are&nbsp;credited only in the amount needed for the purchase.<\/li>\n<li>It is worthwhile to verify each bank transaction&nbsp;(best with a one-time password, two-factor authentication).<\/li>\n<\/ul>\n<span class=\"et_bloom_bottom_trigger\"><\/span>","protected":false},"excerpt":{"rendered":"<p>Card skimming, carried out with card-reading devices attached to ATMs, is familiar to many. Nowadays this type of credit card fraud is also appearing on the web. Of course, it has been improved and adapted to its new \u2018habitat&#8217;. 
But the crux of the matter remains the same: the theft of credit card information for [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":4313,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[7],"tags":[202,118,166,230,303],"class_list":["post-1897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news","tag-cybersecurity","tag-data-protection","tag-hacking-attacks","tag-information-security","tag-skimming"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/comments?post=1897"}],"version-history":[{"count":5,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1897\/revisions"}],"predecessor-version":[{"id":4314,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1897\/revisions\/4314"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media\/4313"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media?parent=1897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/categories?post=1897"},{"taxonomy":"post_tag","embeddable":true,"href":"htt
ps:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/tags?post=1897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}