A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.
Search Payments News
February 11, 2022
On the web
Hundreds of E-commerce Sites Booby-trapped With Payment Card-skimming Malware
Ars Technica
“About 500 e-commerce websites were recently found to be compromised by hackers who installed a credit card skimmer that surreptitiously stole sensitive data when visitors attempted to make a purchase. A report published on Tuesday is only the latest one involving Magecart, an umbrella term given to competing crime groups that infect e-commerce sites with skimmers. Over the past few years, thousands of sites have been hit by exploits that cause them to run malicious code. When visitors enter payment card details during purchase, the code sends that information to attacker-controlled servers.”
November 15, 2021
On the web
Costco Discloses Data Breach After Finding Credit Card Skimmer
BleepingComputer
“Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores…Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel.”
March 2, 2021
On the web
Checkout Skimmers Powered by Chip Cards
KrebsOnSecurity
“Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.”
February 17, 2021
On the web
Bluetooth Overlay Skimmer That Blocks Chip
KrebsOnSecurity
“As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.”
Malicious Script Steals Credit Card Info Stolen by Other Hackers
BleepingComputer
“A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer. Credit card skimmers (aka payment card skimmers or Magecart scripts) are JavaScript scripts that cybercrime groups known as Magecart groups inject into hacked e-commerce sites as part of web skimming (also known as e-skimming) attacks.”
October 6, 2020
On the web
Boom! Hacked Page on Mobile Phone Website Is Stealing Customers’ Card Data
Ars Technica
“If you’re in the market for a new mobile phone plan, it’s best to avoid turning to Boom! Mobile. That is, unless you don’t mind your sensitive payment card data being sent to criminals in an attack that remained ongoing in the last few hours. According to researchers from security firm Malwarebytes, Boom! Mobile’s boom.us website is infected with a malicious script that skims payment card data and sends it to a server under the control of a criminal group researchers have dubbed Fullz House.”
September 9, 2020
On the web
Warner Music Discloses Months-Long Web Skimming Incident
ZDNet
“Music recording powerhouse Warner Music Group has disclosed today a security incident that involved some of the company’s online stores. Called “web skimming” or “magecart,” this type of attack happens when hackers take control over a website and insert malicious code that logs customer details entered inside payment forms.”
Payments News
Give us your email address or link to our RSS feed and we’ll push the daily Payments News headlines to you.
Top Stories from Payments News
Glenbrook Payments Boot camp®
Register for the next Glenbrook Payments Boot Camp®
An intensive and comprehensive overview of the payments industry.
Train your Team
Customized, private Payments Boot Camps tailored to meet your team’s unique needs.
OnDemand Modules
Recorded, one-hour videos covering a broad array of payments concepts.
Glenbrook Press
Comprehensive books that detail the systems and innovations shaping the payments industry.