Europol Identifies 400 Online Merchants as Victims of E-Skimming
February 6th, 2024 | By Joyrene Thomas | 6 min read
More than 400 online merchants were found to be infected with e-skimmers following a coordinated international action by law enforcement.
The two-month campaign by Europol and law enforcement agencies in 17 countries identified infected e-commerce sites and alerted them that their customers’ card data had been compromised.
It resulted in two dozen new e-skimmers, i.e. malicious software or ‘malware’ types, being identified. These include AngryBeaver, ATMZOW, FirstKiss, FakeGA, health_check, Inter and R3nin.
What is E-skimming?
E-skimming, or digital skimming, involves stealing sensitive data inputted by users into web forms. Frequently this is payment data from online checkout pages, although it also includes personally identifiable information, or PII for short, from other web forms.
Criminals exploit vulnerabilities in a website’s code or infrastructure to harvest data. These attacks are hard to detect as the payment process is unaffected. The customer gets their goods or services and the merchant gets paid. Both parties are unaware that a compromise may have occurred.
How Does E-skimming Work?
In general, there are four stages in an e-skimming attack:
1. Initial breach
Criminals gain access to the source code of the server of an online store either as a first-party attack or by compromising a third party. Often this is by exploiting software vulnerabilities, deploying malware, or using stolen (or phished) credentials.
2. Code injection
Criminals inject malicious code to compromise payment pages. They evolve their methods and tailor them depending on whether payment forms appear directly on pages or are embedded using an iframe.
Magecart attacks are named after ‘Magento’, the primary open-source e-commerce platform, and shopping ‘cart’. Magecart also refers to the criminal group active since 2015 carrying out such attacks.
3. Data exfiltration
The harvesting of data occurs when consumers enter their payment details to complete their purchases on compromised payment pages. The malicious code covertly skims and collects the information, often encrypting it, before sending it to the attacker’s remote server.
4. Monetization
Criminals monetize stolen data by using it to make unauthorized, fraudulent purchases of goods to resell for cash, or by selling the data to other criminals.
How Did We Get Here?
The Internet was designed for sharing and collaboration, not necessarily for banking and shopping. How web applications are built has also changed over time.
What’s the Solution?
Don’t underestimate the importance and effectiveness of business-as-usual security. There are various steps e-commerce businesses can take to protect themselves from e-skimming attacks and prevent unauthorized access to sensitive data.
These range from conducting regular security assessments, monitoring, and third-party due diligence to deploying secure code and adhering to payment security standards (PCI DSS).
The latter is becoming increasingly important as version 4.0 of the PCI DSS contains two new requirements to protect against and detect these e-skimming attacks on payment pages. These will be requirements from 01 April 2025.
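As an illustration of the payment-page monitoring mentioned above, the following added example (not code from the article or from Jscrambler) inventories every script on a checkout page and flags any that come from an unapproved origin or whose inline body differs from an approved baseline. The host names, the allowlist and the sample page are constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: hosts the merchant has authorized to serve checkout scripts.
AUTHORIZED_ORIGINS = {"shop.example", "pay.example"}

def sha256_b64(text):
    """Base64 SHA-256 of a script body, used here as its baseline fingerprint."""
    return base64.b64encode(hashlib.sha256(text.encode()).digest()).decode()

class ScriptInventory(HTMLParser):
    """Collects every <script>: ("external", url) or ("inline", body hash)."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self._buf = None  # list while inside an inline script, else None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append(("external", src))
            else:
                self._buf = []  # start capturing an inline body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append(("inline", sha256_b64("".join(self._buf))))
            self._buf = None

def audit(html, page_host, approved_inline_hashes):
    """Return findings for scripts that are not on the approved inventory."""
    inv = ScriptInventory()
    inv.feed(html)
    inv.close()
    findings = []
    for kind, value in inv.scripts:
        if kind == "external":
            host = urlparse(value).hostname or page_host  # relative URL: first party
            if host not in AUTHORIZED_ORIGINS:
                findings.append(("unauthorized-origin", value))
        elif value not in approved_inline_hashes:
            findings.append(("unapproved-inline", value))
    return findings

# Constructed sample checkout page: the last two scripts are not in the baseline.
SAMPLE_PAGE = """<html><body><form id="pay"></form>
<script src="/js/checkout.js"></script>
<script src="https://pay.example/sdk.js"></script>
<script src="https://cdn-analytics.example/ga.js"></script>
<script>initCheckout(); loadWidget();</script>
</body></html>"""
```

Run on a schedule against the live checkout page, a non-empty result from `audit` is the signal to investigate before the change reaches more customers.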