With today (8th February) marking Safer Internet Day 2022, Adam Hunt, CTO at RiskIQ, comments below on the rising threat of browser-based card skimming attacks and what more organisations can do to mitigate the impact of these campaigns on their customers:
“Safer Internet Day should serve as a reminder to businesses of how they can better protect their customers online. Burgeoned by the pandemic, a vast amount of our shopping today now takes place through internet retailers, and threat actors are on constant prowl to steal the information of unsuspecting customers through skimming campaigns that fraudulently imitate established brands. The problem is widespread, with the NCSC finding 4,151 online retailers in the approach to last year’s Black Friday that had card skimmer diverts inserted into checkout pages through software vulnerabilities.*
“In the face of these campaigns, it is vital that businesses – including SMEs – take a proactive stance in order to limit the potential damage to their customers’ pockets as well as their own brands. The key to remaining safe is through extensive knowledge and visibility of the organisation’s web-facing digital assets and their underlying software script, regardless of whether it was developed by the organisation or loaded from a third-party service such as Magento or WooCommerce, both of which have been routinely targeted. As this code executes on the user machine, seeing the world through the eyes of the user can highlight malicious changes that would otherwise go unnoticed. Guarding against such threats is an important step that companies can take to make the internet a safer place for both their own brands and all online shoppers.”
