
Skimming is not a new term in the cybersecurity industry. Originally, skimming referred to stealing payment data from ATMs by attaching a physical ‘skimmer’ to the machine. Now, as the payment landscape evolves, skimming has moved online and targets e-commerce sites.
Online skimming is the theft of payment information from e-commerce websites by infecting specific sites with sniffers, typically JavaScript (JS) sniffers. Once the malware is injected, it is very hard to detect any trace of it on the website. JS skimmer operators work as independent teams, develop their own malicious JS skimming code, and sell it to the highest bidder on the dark web.
Earlier, in April 2019, Visa Payment Fraud Disruption’s (PFD) e-commerce Threat Disruption (eTD) team found 8 e-commerce websites infected with JavaScript skimmers/sniffers. After detecting these initial skimming attacks, eTD found a shocking 17000 e-commerce websites infected with JS skimmers.
After infecting 17000 websites, the cyberattack evolved into an even more sophisticated data-stealing activity. Then, in September 2019, eTD found a new JS skimmer with many novel features.
The advisory details how ‘Pipka’, the new JavaScript skimmer, has evolved to carry out data breaches. It then sets out the steps that e-commerce merchants and service providers must take to prevent Pipka or any other JavaScript skimmer from intruding and stealing customers’ payment data.
SISA is a forensics-driven cybersecurity company that helps secure businesses with robust preventive, detective and corrective security services and solutions. SISA offers products and services for risk assessment, security compliance and validation, monitoring and threat hunting, as well as training for various payment security certifications.
Industry recognition by CREST, CERT-In and SWIFT serves as a testament to our skill, knowledge, and competence.
With 2,000+ clients spread across 40+ countries, we leverage our learnings to provide true security, fanatic support and real business value to our customers.