By Source Defense
The theft of payment card data from retail organizations is on the rise, with 18 percent of breaches attributable to Magecart attacks, according to Verizon’s 2023 Data Breach Investigations Report (DBIR) released June 6. This shouldn’t come as a major shock given Visa’s recent warning of a 176% rise in these attacks over the past 6 months, or Recorded Future’s warning that as many as 10,000 sites were actively compromised last year. Yet, it doesn’t seem like enough is being done to cut these attacks off at the source. That’s why we’re doing everything we can at Source Defense to change that reality.
The 2023 DBIR examined 16,312 incidents, of which 5,199 were confirmed data breaches. The Retail sector suffered 406 incidents, 193 with confirmed data disclosure. System Intrusion, Social Engineering, and Basic Web Application Attacks represent 88% of breaches. The data compromised in breaches included Payment (37%), Credentials (35%), Other (32%), and Personal (23%).
“Retail organizations continue to be lucrative targets for cybercriminals looking to collect Payment card data,” the report states. “We are seeing a relatively large increase in Payment card data stolen compared to last year,” it adds, characterizing the attacks as “a tried-and-true method of monetizing data.”
“These criminals find ways of embedding their malicious code within your site’s credit card processing page. This allows them to quietly and subtly abscond with your customers’ payment data without actually affecting the functionality of your website,” the report states.
Verizon’s analysis of just payment card breaches in the Retail sector found that 70% of breaches originated from Web applications, 17% from Gas terminals, and 8% from PoS Servers.
“This once again illustrates how e-commerce has made it way too easy to get what you want, including stolen credit cards,” the report states. “If you are looking for some added incentive, it’s worth mentioning that by the time our 2024 DBIR is published, you should all already be compliant with Payment Card Industry (PCI) Data Security Standard (DSS) 4.0.”
Source Defense recently announced the launch of a FREE PCI DSS 4.0 Compliance Support Solution. The solution is immediately available for the millions of merchants who must comply with PCI DSS and the QSAs that serve them.
Make Magecart Attacks a Thing of the Past
This is as close to ‘set it and forget it’ security and data privacy as you will see on the market.
Cybersecurity analysts can rest easy at night — and engage in valuable activities during the workday — knowing that a critical portion of their job is being efficiently and automatically managed. Ultimately, the Source Defense platform offers a simple way to manage the 3rd party risk in your digital supply chain and prevent attacks from the client side.
Waiting to act is simply waiting to be attacked. Visibility is the first and most important part of any risk mitigation program. Source Defense is ready to provide you with a free website risk analysis within the next few days. Get moving with the Source Defense team to close off this open gap in your eCommerce security.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.