Credit card skimmers running on compromised ecommerce websites continue to threaten financial institutions, online merchants, and consumers, leading to cycles of fraud and victimization that can reverberate for years. Even with prompt detection and remediation, the manner in which stolen data is exploited and distributed within cybercrime communities–typically long before victims realize their payment details were obtained illegally–only compounds this problem.
Skimmers use seemingly benign JavaScript deployed on a legitimate, but compromised, ecommerce website that “skims” payment form data and sends it to a malicious host before submitting that form data to that same ecommerce website, leaving the victim none the wiser.
Skimming has proven itself to be an extremely lucrative form of cybercrime. This success gave rise to a specialized underground economy with skimmer-as-a-service providers at its core. These services provide everything an aspiring cybercriminal needs to steal payment form data–a skimmer script, methods for deploying that skimmer, and a management panel to track and validate skimming campaigns. The significance of skimming services cannot be understated. Technical barriers to entry that once existed are simply no longer there, making skimming all the more easy to commit.
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings