For those of you who have websites that process online payments (such as retail, hospitality, health care, entertainment and utilities), the Federal Bureau of Investigation (FBI) recently issued a warning about e-skimming threats to those websites. E-skimming occurs when an attacker introduces malicious code on the website to capture debit and credit card information in real time as it is entered into the portal.
The FBI provided several tips to reduce the risk of e-skimming, including:
- Payment software, plugins, and the content management system should be kept up to date and patches should be applied as soon as possible.
- Third-party resource integrity checks should be activated via Content Security Policy to limit the loading of JavaScript to trusted domains.
- Code integrity checks should be performed regularly to identify any changes to the code on the e-commerce platform and web logs should be monitored and regularly analyzed.
- Anti-virus software or plugins should be used on websites to help identify malicious code and businesses should ensure that they are PCI DSS compliant.
- Strong, unique passwords should be created and multi-factor authentication should be implemented to help ensure stolen credentials cannot be used to gain access to the e-commerce platform.
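
As an added illustration of the Content Security Policy and code integrity tips above (this is not code from the FBI warning or from this post), the following Python example audits a payment page's `<script>` tags against a host allowlist and flags third-party scripts that carry no `integrity` hash; `sri_matches` compares a pinned hash with a script body the caller has fetched. The host names, the sample page and the function names are constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: hosts allowed to serve JavaScript (mirrors CSP script-src).
ALLOWED_HOSTS = {"shop.example", "js.payments.example"}
# Constructed checkout page fragment used as sample input.
SAMPLE_PAGE = """
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3/widget.js"></script>
<script src="https://cdn-analytics.example/collect.js"></script>
"""

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def sri_matches(integrity, body):
    """True if a sha256/384/512 token in the integrity value matches body."""
    for token in (integrity or "").split():
        algo, _, b64 = token.partition("-")
        if algo in ("sha256", "sha384", "sha512"):
            digest = hashlib.new(algo, body).digest()
            if base64.b64encode(digest).decode() == b64:
                return True
    return False

def audit_scripts(html, page_host, allowed_hosts=ALLOWED_HOSTS):
    """Return (src, issue) findings for scripts referenced by html."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname or page_host  # relative URL: same host
        if host not in allowed_hosts:
            findings.append((src, "host not in allowlist"))
        elif host != page_host and not integrity:
            findings.append((src, "third-party script without integrity"))
    return findings
```

Run on a schedule against the rendered checkout page, a new finding is a signal to review what changed on the site.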