Credit card fraud has been prevalent recently due to the use of card skimming. Earlier this year, it was discovered that a hacking group, named Mirrorthief, used a scripting technique to siphon data from 201 online campus stores.
Across Canada and the U.S., the hackers harvested sensitive information such as addresses, phone numbers, names, and full card details of the online customers. They were able to do this through a campus retail software called PrismRBS.
Trend Micro, which discovered the hacking group, also stated that the hackers used PrismWeb, which is a platform designed by PrismRBS for college students.
“The attacker injected their skimming script into the shared JavaScript libraries used by online stores on the PrismWeb platform,” the Trend Micro report read. “We confirmed that their scripts were loaded by 201 campus book and merchandise online stores, which serves 176 colleges and universities in the U.S. and 21 in Canada.”
In response, PrismRBS released an official statement about the skimming incident. The statement noted that on April 26, 2019, the company became aware of an unauthorized third-party that obtained access to e-commerce websites. Once PrismRBS was aware, they issued an investigation through an IT forensic firm, as well as notified payment card companies and law enforcement.
This card skimming case wasn’t the only one to occur in 2019. On October 7, hackers were able to get into Macy’s website and harvest sensitive information. This information include payment information, addresses, and names.
Upon discovering the attack a week later on October 15, Macy’s shut it down. The store chain also issued an official statement about the incident. “On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website,” the statement read. “Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, 2019 an unauthorized third party added unauthorized computer code to two (2) pages on macys.com.”
As for the number of customers affected by the attack, Macy’s told Bleeping Computer that victims amounted to a “small number.” Macy’s added that it had since implemented “additional security measures” as a means of skimming prevention.
As the popularity of e-commerce continues to increase, the use of card skimming and credit card fraud are on the rise as well. Campus stores and Macy’s are not the first to experience this, and they would not be the last. Previously, major brands such as Newegg, Ticketmaster, and British Airways were victims of fraudulent activity.
In order to take the best preventative measures against card skimming and credit card fraud, business owners should look into services such as address verification and fraud scoring tools.
At Merchant Broker, we are dedicated to helping your business become secure and trusted by your customers. In a previous post, we discussed details about these services, as well as provide tips on what to watch out for when it comes to fraud detection. We also have a stellar team who would be happy to work with your business to get the best of the best in terms of credit card processing tools and rates.
For more information, feel free to either give us a call at 1-888-668-0733 or email us at info@merchantbroker.com.