PIPKA Advisory

Skimming is not a new word to the cybersecurity industry. Earlier, skimming referred to stealing payment data from ATMs by attaching a physical ‘skimmer’ to ATMs. Now, with the evolving payment landscape, skimming has also been evolving into online skimming and targeting e-commerce sites.

Online skimming is an adverse activity of stealing payment information from e-commerce websites by infecting specific sites with sniffers/ Java Script sniffers. Once the malware is injected, it is very hard to detect the traces of it on the website. JS skimmers work as independent teams, develop their malicious JS skimming code, and sell it to the highest bidder in the dark web.

Earlier, in April 2019, Visa Payment Fraud Disruption’s (PFD) e-commerce Threat Disruption (eTD) found 8 e-commerce websites infected with JavaScript skimmers/sniffers. After detecting initial skimming attacks eTD found a shocking number of 17000 e-commerce websites infected with JS skimmers.

The cyberattack after infecting 17000 websites, evolved into an even more sophisticated data-stealing activity. Again, in September 2019, eTD found a new JS skimmer with many novel features.

The advisory details out how ‘pipka’ the new JavaScript skimmer has evolved to perform data breach menace. Then the advisory suggests the steps that must be taken by e-commerce merchants and services providers to prevent pipka or any other JavaScript skimmer from intruding and stealing customers’ payment data.