Page 20 - GS190702

Views





For example, if you minimize a payment page and the content covering the form doesn't resize properly, it could indicate the page has been hacked, he stated.

Segura cautioned consumers to be especially vigilant on small ecommerce sites, as criminals frequently use an override process by asking for payment data at an inappropriate stage of the shopping journey. Criminals also load skimmers from content delivery networks on these sites. If ecommerce platforms load slowly, the sites may have been compromised by malicious scripts.

Skimming originated in the ATM world, where criminals glued ancillary surveillance devices to ATMs to collect data. Similar attacks happen on payment pages, when you're placing an online order and criminals launch a man-in-the-middle attack and steal your information, Segura noted.

"The beauty of skimmers is they operate in your browser, gather data and encrypt it," he said. "A piece of JavaScript will grab the data in real time and exfiltrate it to server. These attacks have been going on for years, but you hear more about them now due to notorious cases and more criminals coming on board."

Stay safe out there

Credit card companies are good at handling fraud and getting their money back, but your personally identifiable information is a whole other story, Segura commented. When criminals capture your full name, address and email, you can't easily change this information. Having it out there leaves you open to criminal attacks.

A tiny piece of code can alter a form and change a user experience while remaining hidden. Some attacks are purely web-based; others involve injecting malware into browsers. While it's challenging to protect against unseen threats, Malwarebytes is constantly blocking unknown URLs, Segura stated. We can't identify all sites, but we have identified a lot of criminal infrastructure and we continually block malicious scripts, he added.

"Monitor credit card statements right after you shop on a site," he advised. "If something happens, clean it up. Of the hundreds of incidents we see every day, more small platforms are compromised than major ecommerce sites."

Dale S. Laszig, senior staff writer at The Green Sheet and managing director at DSL Direct LLC, is a payments industry journalist and content development specialist. She can be reached at dale@dsldirectllc.com and on Twitter at @DSLdirect.




