Collins Harper Software Uncovered Vulnerability in eCommerce Sites in New Survey


Survey finds 2% of 2,000 sites infected by one or more exploits that allowed credit card and billing information to be skimmed.


A recent automated survey of online stores conducted by Collins Harper Software has found 2% of 2,000 eCommerce sites tested had been infected by one or more exploits that allowed credit card and billing information to be transmitted to the hackers.

“We started looking at credit card skimming hacks when a merchant came to us suspecting that they had an exploit in the system. They had been experiencing issues for over 2 months by the time they spoke to us, but none of the parties they dealt with before us were able or willing to locate the issue,” said Shane Harper, CEO of Collins Harper Software. “What we found was a small section of code that was inserted into an existing file that was transmitting credit card data to a third party site. The infected file was somewhat difficult to find due to the way the hackers obfuscated their code. It just looks like a bunch of jumbled characters and the nature of what the code does is not immediately obvious even to experienced programmers.”

“Once we resolved the matter with this client, we were referred to a second client with a similar problem. At this point we started to wonder if this was a wide-ranging problem that affected other Magento installations.”

Collins Harper devised a way to scan an eCommerce site by looking for certain patterns in infected JavaScript files and applied these methods to an automated survey of 2,000 websites known to use the Magento platform. The scan was designed to look for two different known exploits that could be found in certain JavaScript files. In addition, further manual investigation found another three server-side exploits.

All of these exploits used techniques to insert and obfuscate the code inside existing files so that it would be better hidden from developers working on the site.

In an effort to reduce the number of affected sites, Collins Harper has released a free tool on their website to find some of these issues. Potentially infected stores will be given a list of suspected files that sites must then verify further.

“Credit card fraud is a $190 billion dollar business and it affects online businesses of all sizes. Any steps a merchant takes to prevent these types of attacks will pay for themselves. We’re servicing requests every month to investigate these issues but often the requests are reactive. We think merchants should be more proactive with respect to security,” said Shane Harper, CEO of Collins Harper Inc.

“We hope that merchants do make use of our tools and services to take a more proactive approach to preventing these issues from occurring rather than fixing them once they’ve experienced a data breach.”

Collins Harper is a Canadian-based web development firm that specializes in Magento-based eCommerce websites. They were established in 2006 and have developed websites for nationally and internationally recognized companies.

For more information, contact Shane Harper at sales(at)collinsharper(dot)com.
