This article about credit cards came about because of two things:
The first was a conversation last year with a potential client who was considering having a payment system written for their website, because they did not want to pay for a third-party payment service.
The second was an article I read this morning reporting that the largest alcohol retailer in Canada had a malicious script embedded in its website that stole customers' credit card details for five days:
The First Thing
The retailer in question is the Liquor Control Board of Ontario (LCBO), a government-owned enterprise that has sold alcohol across the province of Ontario since 1927, with the profits going back to the provincial government.
So this is not a small or new operation, and it still suffered this basic theft attack: stealing credit card information. This type of attack is called web skimming. The threat actors look for websites they can compromise and insert their malicious code into, typically on the checkout or payment page, so that card details entered by customers are copied to a server the attackers control while the genuine payment still goes through. The compromise may come at any stage of the website's supply chain; weak security of the online-accessible code, security patches missed or postponed because of the Christmas celebrations, or insider access to the code are among the possibilities.
The LCBO has been very fast and proactive in responding to this attack and has kept its customers well informed: the dates of the attack are well defined, and customers who used the online store during that period can take the necessary actions to protect themselves. The LCBO has not commented on the exact method of the attack.
Your takeaway from this – credit cards
Take steps to make sure your website supply chain is as secure as possible, whether you sell online or not. Your reputation is as important as credit card data.
And don't consider having your own credit card handling software written. Use an established payment service instead; that keeps card data off your own servers, and with it most of the PCI DSS compliance burden.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
How much are you relying on your web designer to protect your reputation?
Canada’s largest alcohol retailer’s site hacked to steal credit cards (bleepingcomputer.com)
LCBO Statement Regarding Cybersecurity Incident and Response