Hackers have been busy during lockdown, accessing and intercepting sensitive card details from online customers of Claire’s Accessories, the jewellery and accessories retailer.
It’s not known how many people were affected, but reports indicated that its online platform was compromised over a two-month period this year. According to researchers at Sansec, the attack began on the 25th of April and was ongoing until the 13th of June. It was during this period that Magecart’s credit card skimming JavaScript was present on the website.
Consumers who may have shopped online at Claire’s during this period have been advised to monitor their accounts for unauthorised charges, and alert their card provider’s fraud team if they notice any suspicious transactions.
Claire’s made the following statement regarding the attack:
“Claire’s cares about protecting its customers’ data. On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process.”
Researchers at Sansec said:
“The timeline may indicate that attackers anticipated a surge in online traffic following the lockdown.”
What is Magecart?
Magecart is both a growing cybercrime syndicate and the name of the malicious code it injects into e-commerce sites to steal customers’ card payment details. Skimming attacks have become increasingly common in recent years, as shown by numerous high-profile data breaches including Ticketmaster, Forbes, Macy’s and British Airways.
British Airways was the most high-profile company recently subjected to this style of attack, which affected at least 380,000 of its customers. Both personal and financial data were stolen, including names, email addresses and sensitive card information (as well as the three-digit CVV number on the back of the card). The company was ultimately fined £186.6 million ($230 million).
What is Web Skimming?
Magecart uses a method known as web skimming (or formjacking). It is a form of internet or card fraud in which a payment page is compromised with a few lines of malicious JavaScript. The technique has grown in popularity since August 2018, affecting a number of high-profile retailers and further illustrating the dangers of supply chain attacks.
Because formjacking requires only a few simple lines of code to be loaded onto a website, it could represent a significant threat to any online storefront that collects, processes, stores or transmits sensitive customer details. It also highlights poor due diligence by online retailers who do not adequately assess their e-commerce platforms, or who fail to control access to their valuable online assets.
The information you provide at the checkout stage of an online store is used to process the order with the merchant. However, the injected JavaScript intercepts those details and sends a copy to a third-party server. Because the transaction still goes through successfully, neither you nor the merchant can tell that formjacking took place. The attacker has stolen a copy of your credit card information, which is why these attacks are not only so successful but also so hard to detect.
The card details are often sold in bulk to other cybercriminals who use them to fund illicit activities.
The Potential Consequences
Web skimming can have serious consequences for an organisation, ranging from fraud claims to brand damage, as customers may choose to avoid your shop in favour of more secure competitors. There are also considerable financial implications from compliance penalties, such as CCPA and GDPR violations.
How to Protect Against Web Skimming?
As online shopping continues to grow exponentially around the world, there are more opportunities for fraudsters to exploit potential vulnerabilities.
In order to minimise the risk and impact of a breach such as a Magecart attack, there are measures organisations can implement. It is imperative that businesses evaluate the security of the entire network used to take payments, ensuring that their customers’ data is safeguarded. PCI compliance across their applications, systems and services is crucial to reducing the threat of malicious cyber-attacks.
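The skimming mechanism described above has two steps a retailer can check for: a script on the checkout page that was never approved, and an outbound connection to a server that is not the merchant or its payment provider. The following is an added example, not code from the original article or from Key IVR, showing a defender-side audit of a checkout page’s script tags against an allowlist, and a Content-Security-Policy built from the same allowlist so that a script the page does load still cannot send form data elsewhere. The HTML and every hostname in it are constructed placeholders.

```javascript
// Added example (not from the original article or Key IVR): audit a checkout
// page's <script> tags against an allowlist and derive a CSP from it.
// All hostnames and the sample HTML below are constructed placeholders.

const ALLOWED_SCRIPT_ORIGINS = ["https://shop.example", "https://cdn.example"];
const ALLOWED_CONNECT_ORIGINS = ["https://shop.example", "https://payments.example"];

// Constructed checkout page: a first-party script without SRI, an allowed CDN
// script with SRI, an unapproved third-party script, and one inline script.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="https://shop.example/js/checkout.js"></script>
<script src="https://cdn.example/lib/ui.min.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://unknown-analytics.example/collect.js"></script>
<script>window.appConfig = { currency: "GBP" };</script>
</head><body></body></html>`;

function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

// Returns each <script> tag's src (null for inline scripts) and whether it
// carries an integrity attribute (Subresource Integrity). A tag regex is
// sufficient for static HTML such as a build artefact or a fetched page copy.
function extractScripts(html) {
  const tags = html.match(/<script\b[^>]*>/gi) || [];
  return tags.map(tag => {
    const src = (tag.match(/\bsrc\s*=\s*["']([^"']+)["']/i) || [])[1] || null;
    const hasIntegrity = /\bintegrity\s*=/i.test(tag);
    return { src, hasIntegrity };
  });
}

// Flags scripts from origins not on the allowlist, inline scripts (which
// cannot be pinned with SRI), and allowed external scripts that lack SRI.
function auditCheckoutScripts(html, allowedOrigins = ALLOWED_SCRIPT_ORIGINS) {
  const findings = [];
  for (const { src, hasIntegrity } of extractScripts(html)) {
    if (src === null) {
      findings.push({ src: null, issue: "inline-script" });
      continue;
    }
    const origin = originOf(src);
    if (origin === null || !allowedOrigins.includes(origin)) {
      findings.push({ src, issue: "unexpected-origin" });
    } else if (!hasIntegrity) {
      findings.push({ src, issue: "missing-integrity" });
    }
  }
  return findings;
}

// Builds a CSP header value: script-src limits what may run, while
// connect-src and form-action limit where the page may send data, so an
// injected skimmer is blocked at the exfiltration step as well.
function buildCheckoutCsp(scriptOrigins = ALLOWED_SCRIPT_ORIGINS,
                          connectOrigins = ALLOWED_CONNECT_ORIGINS) {
  return [
    "default-src 'self'",
    `script-src ${scriptOrigins.join(" ")}`,
    `connect-src ${connectOrigins.join(" ")}`,
    `form-action ${connectOrigins.join(" ")}`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join("; ");
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(auditCheckoutScripts(SAMPLE_CHECKOUT_HTML));
  console.log("Content-Security-Policy:", buildCheckoutCsp());
}
```

Run against the sample page, the audit reports the first-party script as lacking SRI, the analytics script as coming from an unexpected origin, and the inline script as unpinnable; the CDN script with an integrity attribute passes. The generated policy deliberately omits `'unsafe-inline'`, so the inline configuration script would need to move into an allowlisted file before the policy is enforced, which is the usual trade-off when introducing a CSP on an existing checkout page.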
Ameet Naik, Security Evangelist at PerimeterX, advises:
“As the COVID pandemic shifts more buyers online, businesses need to be on the lookout for malicious JavaScript on their websites.”
By working with a third-party payment solutions provider such as Key IVR, organisations can move the risk of malicious online attacks away from their own environment by using hosted web payment services. Sensitive payment data is taken “out of scope” of the retailer’s own systems, which is an effective way of avoiding this form of attack.
Contact Key IVR today, email sales@keyivr.com or call +44 (0) 1302 513 000