The ups and downs of the last year and a half have wreaked havoc on societal norms. They have changed how we work out, socialize with our friends and family, celebrate life’s events, and conduct business. The tension between safety and normalcy is one we all navigate every day.

As a result, people are conducting business over the internet using mobile apps and web browsers more frequently than before. Companies are embracing mobile and home access to traditionally in-person transactions such as banking and finance. These financial institutions are using security features like Face ID, Touch ID, and multi-factor authentication (MFA) to make account logins more secure. They are also using software and technology to secure the data inside their systems on the back end.

But what are companies doing to protect the information that passes between login and storage? Securely logging into my account and entering my personal information into an online loan application, account creation, or investment form does not automatically mean the information is safe. Online skimming attacks, such as Magecart, are a concern these financial institutions cannot ignore. An article by Stickley on Security summarizes how advanced attacks can infiltrate and hide in benign media objects like images or videos on a website.

In April of this year, the Credit Union National Association published an article from Cyber Defense Labs offering three steps to take to prepare for the next cyberattack. Let that sink in for a moment. There will be a “next” cyberattack. There are no ifs, ands, or buts about it.  

Security professionals cannot have an “if” mentality; they need a “when” mindset. The article asks of credit unions:

“Is your team knowledgeable and informed about today’s threat environment, where vulnerabilities are being exploited across the financial services sector, and what to watch out for?”

When it comes to today’s threat environment, many security professionals forget that the same mobile app or web browser customers are using to log in can be the target of advanced Magecart attacks. Most of the difficulty in preventing or even detecting these attacks comes from a lack of supply-chain insight. The Financial Stability Board (FSB) posted a report relating to Third-Party Relationships where respondents to a survey:

“…noted that outsourcing and third-party relationships, including the chain of sub-contractors (or “nth parties”) involved, are complex and lack transparency…which makes it very challenging for financial institutions to manage and mitigate supply chain risks..”

The solution to this problem, and the only way to prevent Magecart attacks in real time, is with Source Defense’s VICE product. VICE offers customers insight into where code on their site is coming from, from the site itself all the way through those “nth parties” the FSB mentions. This removes the difficulty in managing those website supply chain risks. VICE also prevents JavaScript overreach, keeping customer data safe and away from legitimate third parties and malicious actors. With a zero trust model, VICE helps businesses with CIS Controls 9, 10, and 16. Source Defense can help credit unions prevent skimming attacks, protect customer data in real time, and gain insight into what third parties are active on their sites.

For a demo of just how Source Defense can help, request one today.

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.
