Protecting Customer Data as Card Skimming Malware Continues to (Aero) Grow 


Ted McKendall

Customers of AeroGrow, the US-based seller of indoor gardening systems, recently became the latest victims of card skimming malware, an increasingly popular technique for stealing financial data from online merchants. According to a letter from AeroGrow to its customers, the malicious code responsible was likely to have been active for four months before it was discovered and removed.

Implanted in the vendor’s payment processing page, it skimmed and siphoned off personal customer information required to verify and process a payment, such as credit card numbers, expiry dates and CVV codes as they were entered.  


Website Skimming Malware Remains the Attack of the Day

AeroGrow is not alone. Card skimming malware has become an increasingly common attack vector for criminals looking to capitalize on the eCommerce explosion. Just in the last year, the well-known hacking group Magecart carried out similar skimming attacks on high-profile brands including British Airways, Ticketmaster and Vision Express.

One of the main reasons for the technique’s growing popularity is its simplicity. Whereas criminals would once have targeted an online merchant’s database or its post-website internal network traffic to collect valuable user data, attacks such as these exploit its customers instead, collecting their financial credentials as they input them.

In addition, it offers criminals access to genuinely valuable information. Any sensitive data held on a database, such as credit card numbers, will tend to be encrypted, for example, while it’s unlikely that CVV numbers will be stored at all. But, by intercepting this data in real time, often via a third-party site or plug-in, criminals will enjoy unfettered access to highly valuable information which they can use – and in large amounts, too. Compromising a merchant’s server or individual endpoint will only deliver limited returns, but compromising a merchant’s website can deliver information in spades.

Given the potential advantages it offers when compared to more traditional data exfiltration techniques, it’s hardly surprising that JavaScript-based card skimming malware is so popular among the criminal fraternity. Recent analysis found that more than 6,400 sites had been attacked by members of the Magecart hacking group since it first came on to the scene in 2014. The technique’s popularity among such a diverse range of different online merchants also suggests that the protection of payment pages is no longer the exclusive domain of the financial services industry.  


Protecting the User Journey

Although the theft itself may take place on the customer’s side of a transaction, the merchant is ultimately responsible for protecting customers from any malware campaign that targets their information. Provisions must be put in place that will prevent any personal information from leaving the site – regardless of the technique used – protecting the privacy of the data and thwarting any attempts to steal it.  

Trusted Knight’s Protector Air is a cloud-based solution, invisible to the end-user, that stops transactional fraud by securing every browser session, and therefore ensuring the integrity of every transaction. Click to find out how Trusted Knight can protect your business – and your customers’ information.    
