Alert: Threat of Online Skimming to Payment Security

The Payment Card Industry (PCI) Security Standards Council has released a new alert. The alert warns of the threats of online credit card skimming to payment security. Read the full alert or get the highlights below.



The group primarily responsible for the tactic is known as "Magecart." In the past, the group hacked British Airways, NewEgg and Ticketmaster. Magecart has hacked over 6,400 sites since its inception.

The alert says, "Magecart hackers and similar threat actors are continuing to evolve and modify their attacks, including customizing malicious code for different targets, and exploiting vulnerabilities in unpatched website software." 

After obtaining the data, the group sells the information on the Dark Web.

How it Works

The group exploits vulnerabilities in websites to compromise them. The vulnerabilities used for skimming are the same ones that hackers use in other kinds of website attacks. The ways Magecart gains access include:

  • Brute Force Login Hacking: Hackers try to log in using a large list of known common passwords.

  • 3rd Party Plugins: Websites might use functions/apps/widgets from outside developers. These help the website accomplish a specific purpose. However, they are another channel that an attacker can use.

  • Phishing and Social Engineering: Criminals can gain access to credentials if they use deception to convince a person to provide the desired information. Phishing and social engineering most commonly occur via email.

After getting access to a site's backend, the hacker injects the malicious skimming scripts. "The malicious code logs the payment data either locally on the compromised website or remotely to a computer controlled by the threat actors," according to the alert.

Prevent Skimming

Complying with the 12 PCI DSS requirements goes a long way toward being safe and secure.


Other items to focus on to secure your website include:

  • Install website plug-in and CMS updates and patches as soon as they are available.
  • Maintain control over the authorization levels of the people who can log in to your website.
  • Require users who log in to your website to enable two-factor authentication.
  • Work with an external vendor to perform penetration testing to test your defenses.



Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of services: Managed Security Services (MSS), Managed Detection and Response (MDR), Cyber Intelligence Services (CIS), Red Team Services (RTS), Governance, Risk and Compliance (GRC) and Cybersecurity Technology Integration (CTI). These services are supported by the Cipher Lab, an elite threat and cyber intelligence research and development lab, and also by five 24x7 Security Operations Centers (SOC).

Cipher is a highly accredited company holding ISO 27001, ISO 22301, ISO 20000, ISO 9001, SOC I, SOC II, PCI QSA, PCI ASV and CREST certifications. The quality of service has led Cipher to win many awards from world-renowned research companies such as Gartner, Frost & Sullivan and Forrester. Clients consist of companies from mid-size enterprises to world-renowned corporations and government agencies, with countless success stories.
