3 security tips to protect yourself against skimming attacks

E-commerce sites try to stay ahead of skimming schemes, but there is a good chance that your credit card details will still be affected. A security expert gives advice.

Karen Roby from TechRepublic talks to Aanand Krishnan, founder and CEO of Tala Security, about protecting the identity of consumers while shopping online. The following is an edited transcript of their interview.

Aanand Krishnan: I think that identity theft unfortunately becomes top of mind for consumers, and especially the online world becomes a kind of scary place. We have seen a huge peak, especially in the last few months, in the number of what we would call credit card skimming or login-data skimming attacks on the web. In November, for example, Macy’s came forward and said that Macys.com had been compromised, and that they had lost user credentials and credit cards through a skimming attack.

If you are not familiar with a skimming attack, this works as follows. You go to your favorite e-commerce store to buy something and you enter your details, your credit card details, and you expect that information to go from your device to the seller, or maybe it’s a banking institution or payment processor. In the event of a skimming attack, the attacker can, because he can run malware or malicious code on your computer, make a copy of that information and send it from your browser to his malicious server. And because the transaction actually goes ahead with this attack, neither you nor the seller knows that skimming has even happened. The attacker has basically received a copy of your credit card information, which is why these attacks are not only successful, but also very difficult to detect.

In many cases we see that websites, especially e-commerce sites, have been compromised for several months, sometimes even more than a year, before they find out that they have been compromised. This problem with skimming login data and skimming credit cards, also known as formjacking or Magecart, has become a major problem. We estimate that today there are hundreds of thousands, if not a few million, websites with active skimmers, which means that the chance that you or any of us hit a website with one of these skimmers is very, very high. It is absolutely our responsibility to be aware of these attacks and to be very careful when making purchases online.

Karen Roby: What do we have to do to stay safe?

Aanand Krishnan: I think that is a very difficult question, frankly, because the reality is that this is a problem that is primarily the responsibility of traders, e-commerce sites or banking institutions, or whoever you are transacting with. And second, the reality is that data privacy regulations and laws have not really kept up with this. For example, we saw that British Airways in the UK, which lost around half a million credit cards, was fined under the GDPR. They were fined around $200 million. I think the privacy regulations and the regulators are aware of this, and they act accordingly, but they are not there yet.

So what do we do as a consumer? I think the reality is that we are going shopping, but I would recommend two or three things.

One is to educate yourself. Pay attention to the problem in the first place. Keep in mind that you may visit a website that does have skimming.

Number two, of course, look in your bank accounts, your credit card accounts and look for strange transactions that may indicate that your credit cards are already in danger.

Number three, just follow very good hygiene. Do simple things such as not clicking on emails that can infect your machine with malware. Keep your browser clean. Many people we notice, for example, download free software that eventually installs adware, spyware, all kinds of malware in their browser – don’t do that. Do not download things that you do not need. And if you go to the browser, you must ensure that you can delete all these extensions. It offers you a better and a much safer browsing experience.

These are some things that consumers can do, but you are right, it sometimes sounds like it is all gloomy, but the good thing is that e-commerce companies we talk to from Tala are actively working to solve this problem and companies like us and regulatory authorities and industry associations are actively looking into this issue.

Karen Roby: How aware do you think consumers are of the risks?

Aanand Krishnan: I think there was a statistic that shows the likelihood that at least one of the cards in your wallet has already been compromised and is on the Dark Web is nearly 100%. I don’t think the consciousness is that high. Many people I know unfortunately get wind of it when their bank calls them and says, “Your bank card or credit card has been compromised, we have to send you a replacement.” This has happened to me several times in recent years, and I could imagine it happened to many people. I know many people to whom this happened.

I think people know because their bank is replacing their credit cards or their credit card company is replacing them. However, I think the average consumer is really unaware of how easy it is to mount this type of cyber attack on websites to be able to do this type of skimming. Awareness needs to grow, and I think this is one of the biggest challenges we face as an industry, as a cyber security industry. How do we make consumers aware that their sensitive data – and it doesn’t have to be credit cards; it can be health data, it can be your social security number, your address – all personal data, when you visit a website, can be affected?

I really hope that something good will come out, that is, that the industry will wake up and that we will protect consumers much better, but that consumers and consumer awareness will play a very important role in putting pressure on sellers, e-commerce companies and putting banks under pressure, as well as suppliers like us to do much better than in the past.
