Hackers have hacked the payment process of almost 6000 online shops by attaching specially crafted code in order to steal payment card details.
De Groot said in his blog post:
“By March the number of infected shops grew by almost 30 percent to 4,476, and by September, it reached 5,925. More than 750 online stores who were complaining skimming payment card details for attackers in 2015 are still doing so today, showing that this type of activity can go undetected for months,”
He suggested that more than one group has been busy with such activities. Compared to 2015, the number of variants of the malware code has increased.
Further, he said:
“The first malware just intercepted pages that had checkout in the URL. Newer versions also check for popular payment plugins such as Firecheckout, Onestepcheckout, and Paypal.”
The malicious code is added to the system by exploiting known vulnerabilities in e-commerce software and content management solutions which website owners are not able to patch.
The worst part is that many owners do not understand the impact of these issues or do not take it seriously. While De Groot was trying to inform owners about such vulnerabilities, he got the worst answers from the owners of the companies, such as the following.
One unnamed shop owner said:
“We don’t care, our payments are handled by a third-party payment provider,”
“Our shop is safe because we use HTTPS,”
HTTPS protects the user from man-in-the-middle attacks, where the attacker is in a position to intercept the connection between the user and the server. Here, however, the malicious code sits on the server and is delivered over HTTPS, so the attacker can still see the information that the user enters.
Regarding the use of a third-party payment processor, De Groot said:
Some of the shop owners have been taking action as a result: within 48 hours, 334 stores were recovered, and during the same period 170 new stores were hacked.