Recent Magento Flaws Could Be Used For Card Skimming
19 Apr

The world of online shopping can be a safe place but only if people take the time to make it so. However, for every shop, there’s a malevolent entity - a cybercriminal - looking to try and exploit weaknesses in the site to collect personal information to use.

Tags:

The e-commerce platform Magento is one which has been gaining popularity over the years but could now face a jerk back down to reality - not only have they been exploited but it’s all over the internet. So what’s happened, and what does it mean for e-commerce?

The Code That Broke It All?

There’s a vulnerability inside the systems of the e-commerce platform known as Magento. Hackers recently released code to the public which, if implanted into the site, would allow criminals to skim card details from payments. There’s no need for authentication in the case of this code, which makes it all the more dangerous.

All the hackers would need is the name and password which protects these credentials, and then they have administrative access which allows them to exploit any area of the site that they want - theoretically, they could introduce any backdoor element or malware that they wanted.

Card Skimming?

One of the first things that you’re going to want to think about concerning this security risk is the idea of card skimming and how it can affect your experience. In essence, when you make a payment or put your card details into a system, a virus skims the information from the card at the same time as the system authenticates it. As a result, it takes the details and transmits them to a location of the hackers choosing, which puts you at serious risk.

What Does This Mean?

Of course, we have to stop and take a look at some of the impacts that this can have on the security of e-commerce and what it can mean when you’re just trying to shop online safely. There’s an element of having to stop and think about all of the different potential security risks which are present.

What’s most concerning about all of this is that the hackers have confirmed that the security risk in question is something which has been around for quite some time. It’s not a recent thing by any means and is instead something that has been around since the very beginning of the program, since at least the 1.0 edition.

From a business perspective, it really does make you stop and pause. Does your website have a security risk which is waiting to be exploited? Do you need to overhaul your entire system to make sure you’re as safe as possible? There are so many different questions that we need to ask ourselves, and it’s all because this site has been exploited. If you’re someone who shops online, then you need to make sure that you’re taking the time to properly understand all of the different risks that are involved, and that you’re watching to see whether a location is safe or not.

Need more advice? Do you think your Magento website is compromised? BigHat Digital offers a complete security sweep of your website, identifying issues and resolving these, this is included as standard when you join us as your development technology partner. We will give your site a complete technical run over (for free!), identifying issues, ensuring your website is secure amongst many other items in our checklist. We call this the Magento MOT, as its all about safety. Your revenue, your customers, your business - ensuring you are transacting at all times.

Send us your details using the contact form and we will give you a call back as soon as possible. We look forward to hearing from you.

Leave a Reply