Evidenced in the Verizon 2019 Data Breach Investigation Report from data collected by the National Cyber-Forensics and Training Alliance (NCFTA), is the reality that attacks against e-commerce web applications continue to rise.
NCFTA tracked malicious activity in card-present versus card-not-present transactions and found that card-present fraud has decreased but at the same time opened the door for a rise in card-not-present fraud.
“Vulnerable internet-facing e-commerce applications provide an avenue for efficient, automated, and scalable attacks,” the report said. “And there are criminal groups that specialize in these types of attacks that feast on low-hanging fruit.”
As customers enter their data into web forms, attackers inject code that captures the customer data. The report advised e-merchants to consider that, “widespread implementation of file integrity software may not be a feasible undertaking. Adding this to your malware defenses on payment sites should be considered. This is, of course, in addition to patching OS, and payment application code.”