E-commerce sites have been infected with credit cards-stealing software since 2014. With use of code variations, hacking groups have made the situation worse. Because of consistency of such attacks, the name Magecart has been given by information security professionals to cyber-attacks where implantation of harmful computer codes are done by hackers into digital system third-party suppliers and websites for stealing of credit card information, called skimming, as users enter it at checkout pages.
British Airways, Ticketmaster, electronics retailer Sotheby’s and Newegg were all infected in 2018 by Magecart hackers. Researcher Matthew Meltzer at Volexity said that credit card hacking is so widespread because it is simple and offers high chances of rewards. It doesn’t require social engineering, malware installation or sensitive information-containing database being directly compromised. Instead the methodology of attack is pretty easy making skimming popular among hackers. Also difficulty of detection makes these attacks all the more common. Consumers are almost not aware of their information being stolen during transaction phases. Because of consistencies of online credit card skimming, its own small black-market industry has been created. Codes used for stealing were up for sales in 2016 in dark web forums, leading to increased selling and buying of building blocks of codes among groups. 11 such groups were discovered in all. Excluding those of Target and Home Depot, several more users were affected, estimates Klijnsma.
Malicious codes are either directly implanted, called formjacking, or smaller firms serving bigger companies are targeted, as was the case with Ticketmaster in June. Between August and September, formjacking attempts had apparently doubled. There has been a growth of awareness among consumers, retailers and researchers. Noticing this, hackers are coming up with fresh newer ways to infiltrate e-commerce sites as encryption methods and techniques are trying to sabotage skimmers. With the approach of the holiday shopping season, the threat is likely to increase.