Online buyers risk card theft on thousands of sites

If a website you are buying from does not have a known payment provider such as Paypal, you are taking your life into your own hands, according to an investigation into online credit card theft.
So says Willem De Groot, co-founder and head of security at Dutch ecommerce site byte.nl, who started an investigation into the issue after his own card details were stolen.
He claims that thousands of online shops – including those run by leading car brands, fashion houses and even government departments – are unwittingly giving hackers access to the credit card details of customers, through malicious software which has been injected into their sites.
In his own sweep of online stores, he uncovered 5,925 compromised sites by scanning for the data-stealing code, which he claims has been injected into the sites by cyberthieves.
In a blogpost, De Groot said the attackers exploited known vulnerabilities in several widely used online retailing software programs, which allowed them to inject code that copied credit card and other payment information.
De Groot said: “New cases could be stopped right away if store owners would upgrade their software regularly. But this is costly and most don’t bother.”
He told the BBC: “I would recommend consumers to only enter their payment details on sites of known payment providers such as Paypal. They have hundreds of people working on security, the average store probably has none.”
