

Card skimming gets more aggressive
November 2018, Security Services & Risk Management, Cyber Security

Card skimming – the act of copying data from a credit card either to make a physical or virtual copy of the card – is not a new tactic for criminals. As a result, many an unsuspecting card payer has been unpleasantly surprised by unauthorised payments made on their card after using it at a restaurant, doing online payments or at the shops.

Simeon Tassev

However, the introduction of mobile card payment devices, increased security at pay points and ATMs, and 3D payment authentication for online payments have all but thwarted criminals seeking to make a quick buck from duplicating credit cards. Although small-time criminals still make use of physical card skimming devices and not all online portals have built-in authentication, most have set their sights on more lucrative opportunities, where they are able to copy multiple cards with less traceability.

The recently uncovered MagentoCore skimmer scam has upped the ante, being described as the most successful skimming campaign to date, with over 7 993 online stores hosted on the Magento global ecommerce platform being affected over a six-month period. Fifty-one million customers around the globe have made purchases from Magento merchants, and the malware shows no signs of stopping any time soon.

With over 250 merchants using the open-source Magento platform, the hacker group responsible for MagentoCore continues to target new brands. According to industry expert and the person responsible for uncovering this threat, Willem de Groot, the hackers use a script called a ‘payment card scraper’ or ‘skimmer’ once they’ve breached the site and modified its source code to load the script along with its legitimate files. The script usually loads on store checkout pages and secretly records payment card details entered in payment forms, data that it later sends to a server under the hackers’ control.

What makes the malware so attractive to cybercriminals is that it is so incredibly difficult to trace, and the copying of hundreds of cards per day gives them the ability to copy far more data than ever before. Businesses and card users alike need to not only become more aware of the risks of online payments, but also protect themselves and their customers from threats.

What can retailers do?

Skimming is only one of many security risks that retailers with an ecommerce portal need to take cognisance of. It’s essential that they have a full risk management strategy in place which assigns risks a priority and puts the right technology in place to protect both themselves and their customers.

They need to perform regular checks on their customer-facing websites, factoring in vulnerability scanning, web security scanning, code review, penetration testing and various other tests to ensure the website performs optimally and securely. Those retailers who do not make use of a third-party two-factor authentication payment platform should ensure they have one in place.
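One such regular check, shown here as an added example that is not part of the original article: because the skimmer described above is loaded alongside a store's legitimate files, a retailer can audit the checkout page's HTML for scripts from hosts outside an allowlist, third-party scripts without an `integrity` attribute, and inline scripts that do not match a known-good baseline. The host names, allowlist, baseline and sample HTML are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects every <script> on a page: external sources and inline bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_inline = [], [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            # Only the presence of an integrity attribute is recorded here.
            self.external.append((a["src"], bool(a.get("integrity"))))
        elif tag == "script":
            self._in_inline = True
            self.inline.append("")
    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def audit_checkout(html, page_host, allowed_hosts, known_inline_hashes):
    """Return (finding, detail) pairs for scripts that need human review."""
    c = ScriptCollector()
    c.feed(html)
    findings = []
    for src, has_sri in c.external:
        host = urlparse(src).hostname or page_host  # relative URL -> same host
        if host not in allowed_hosts:
            findings.append(("unlisted-host", src))
        elif host != page_host and not has_sri:
            findings.append(("no-integrity", src))
    for body in c.inline:
        digest = hashlib.sha256(body.strip().encode()).hexdigest()
        if digest not in known_inline_hashes:
            findings.append(("unknown-inline", digest[:12]))
    return findings

# Constructed sample data (hypothetical hosts, not taken from any real store).
ALLOWED_HOSTS = {"shop.example.com", "payments.example.net", "cdn.example.net"}
KNOWN_INLINE = {hashlib.sha256(b"initCheckout();").hexdigest()}
SAMPLE_HTML = """<script src="/js/checkout.js"></script>
<script src="https://payments.example.net/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.net/widget.js"></script>
<script src="//stats.example.org/m.js"></script>
<script>initCheckout();</script>"""
```

Findings are leads for code review rather than verdicts; the allowlist and the inline-script baseline have to be refreshed whenever the store deploys a legitimate change.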

Retailers who do outsource their functions, such as to an ecommerce platform, should ensure they have some sort of liability cover included so that if the platform is hacked, neither they nor their customers carry the risk.

It’s also important that they ensure their compliance is up to date and well managed. Compliance with regulations such as Payment Card Industry Data Security Standard (PCI-DSS) helps to ensure that the minimal controls are in place to protect their own and their customers’ information during transactions. Other regulations such as the Protection of Personal Information (PoPI) Act and the General Data Protection Regulation (GDPR) give them guidelines on how to protect their customers’ information across the board, too.

What can consumers do?

Many people today have a card and partake in some form of online purchasing, whether directly from a retail chain or through a third-party platform. Here are some tips to ensure consumers protect themselves:

• Check that the website is secure. A secure website will have a valid certificate, usually demonstrated by a locked padlock icon. Some tips on checking if a website is secure can be found at https://www.digicert.com/blog/buy-site-know-website-secure

• Deal with reputable vendors. This may not always be possible, and there are many exciting and trustworthy ecommerce stores that open up on a daily basis. However, where possible, opt for the sites that are well known and trusted.

• Ensure that the site has 3D security enabled, where shoppers are redirected to a third-party platform, often a financial institution’s platform, to verify that they are making the purchase through a security code being sent to the purchaser.

• Shoppers can also make use of a virtual card, which they load up with a pre-set amount of money in order to make online payments. A virtual card is a card created by a virtual card provider similar to a gift card. Many banks and third-party virtual card providers are available today so that shoppers can add a layer of protection to online shopping.

• Mobile payment applications such as SnapScan or Zapper offer a safer method of payment for shoppers, so they should look for providers that offer this as a payment option.

• Remember that there is no 100% safe way to shop online or in store when using a card. Shoppers should be vigilant and if they are unsure, rather skip the purchase and find an alternative payment method.

It is highly likely that cybercriminals will only get smarter, targeting vulnerabilities in ecommerce and online retail platforms wherever possible. Both retailers and shoppers need to ensure they are aware of the risks and protect themselves wherever and however possible.

For more information, contact Galix Networking, 086 124 2549, simeon@galix.com, www.galix.com




 
 
         

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.