Hackers ‘skimming’ card details on checkout pages of small sites
THOUSANDS of customers have potentially had financial details “skimmed” on the checkout page of small business websites, GCHQ has warned.
The digital security agency’s publicfacing arm, the National Cyber Security Centre (NCSC), said it had uncovered more than 4,000 incidents where business websites have been unknowingly leaking customers’ financial information to hackers.
The NCSC warned that the scam was happening mainly on the websites of smaller businesses where cyber criminals were able to exploit “vulnerabilities” in the software. The warning comes ahead of the Black Friday sales, in three days’ time, when millions are expected to make online purchases as they shop for bargains.
The agency is urging small businesses to ensure their payment software is up to date to make it harder for hackers to infiltrate. Steve Barclay, Chancellor of the Duchy of Lancaster, said: “On Black Friday and Cyber Monday [Nov 29] the hackers will be out to steal shoppers’ cash and damage the reputations of businesses by making their websites into cyber traps.”
Online skimming takes its name from the real-world version of the scam where criminals fit cash machines with devices that can read victims’ credit cards. The criminals then use the card details and pin numbers to make purchases on the victims’ accounts.
In the digital version, hackers infiltrate businesses’ software so they can see the card details that shoppers put in on the checkout page.
The NCSC said it had seen an increase in this type of scam since the pandemic, and had uncovered 4,151 cases since April last year. It said that in most cases scammers had infiltrated the websites via a known vulnerability in a popular e-commerce software.
Sarah Lyons, deputy director for economy and society at NCSC, said: “I would urge all business owners to follow our guidance and make sure their software is up to date.”
Graham Wynn, of the British Retail Consortium, added: “The cyber resilience toolkit for retail, produced in partnership with NCSC, is available on the British Retail Consortium’s website for retailers to consult and boost cyber defences.”