Online Skimming: An Emerging Threat that Requires Urgent Awareness and Attention

Web-based skimming is a growing threat of which all online service providers should be aware. Through the use of sniffers and JavaScript sniffers, attackers infect a website with malicious code that is able to "skim" payment card information without the merchant or consumer knowing. These attacks are not only very effective but also very difficult to identify when a compromise does happen. Attackers use various methods to gain access and inject malicious code and diversify their victims by targeting both e-commerce directly and a third-party software library that merchants use. It is highly recommended that merchants do regular vulnerability assessments of their web applications, both internally and externally, as well as use file-integrity monitoring.

Relevant URL(s):