With online purchasing becoming more mainstream, ecommerce skimming is also on the rise. Ecommerce skimming can be a serious threat to businesses because of how difficult it is to detect, how long it can remain undetected and how much it can cost vendors.
Why SecurityMetrics Shopping Cart Monitor?
Shopping Cart Monitor has the potential to save online retailers a significant amount of money and frustration since content providers can be held liable for damages—damages that can cost retailers hundreds of millions of dollars every year. Even for smaller merchants, a breach costs $200,000 on average. Once you have experienced a security breach, the likelihood that it will happen again significantly increases.
Shopping Cart Monitor was designed to work in tandem with other security products to protect merchants from digital skimming and help SMBs continue to thrive by staying ahead of threat actors.
How we discovered the cost of eskimming
Several years ago, the SecurityMetrics Forensics Team began seeing an increasing number of merchants experiencing ecommerce skimming. In one particular case, a merchant was bleeding tons of card data despite having strong security in place. SecurityMetrics forensics ran antivirus scans, checked for malware, ensured the merchant’s input fields were sanitized, and analyzed the code line by line, but they couldn’t find anything wrong in the merchant’s servers or databases.
Eventually, SecurityMetrics Forensic Analyst Aaron Willis (QSA, CISSP, PFI) ran a simulated purchase through the company and found a piece of malicious code attached to a compromised third party. This code was only triggered when a customer filled in the CVV field.
This breach occurred within a company that did everything right—they had layered security and there weren’t any issues with their code. In this case, the third party (i.e., an analysis company that tracked data about shopping carts) had been compromised.
Why other security solutions can’t detect eskimming
As you can see in this case study, hackers understand that merchants use security products such as file integrity monitoring (FIM), vulnerability scans, antivirus software, and client-side certificates to protect their data. While each of these options is an essential component of strong security, they are created for specific security tasks and therefore have vulnerabilities that hackers can exploit.
One limitation of most security options for vendors is that they can only monitor the merchant’s servers and databases, so they don’t catch malware attached to third parties. As a result, hackers are becoming more sophisticated, attaching malicious scripts to third parties that interact with merchants’ networks instead of attacking the merchant directly.
Magecart attacks are particularly vicious because unlike traditional skimming, they do not leave any indication of compromise on the web server, making them extremely difficult to detect. Eskimming attacks have become so difficult to detect that they can take years to discover.
How Shopping Cart Monitor can help you
In response to the increase in and growing sophistication of ecommerce skimming, SecurityMetrics developed Shopping Cart Monitor. Shopping Cart Monitor is preventative software that continuously monitors websites for any suspicious activity within the shopping cart or point of payment and alerts you if there is an issue. Shopping Cart Monitor catches threats from compromised third parties by finding malware as it operates in real time in the customer’s browser.
Aaron Willis explains, “Attackers are as innovative a breed of criminal as they come. Shopping Cart Monitor is important because it helps us continually stay in front of those attackers. It helps us keep your website from becoming the lowest hanging fruit on the tree. By running Monitor, you’re going to stay ahead of attackers . . . if you’re running Monitor, you’re protected.”
Shopping Cart Monitor offers:
· Non-intrusive Scanning
· Customizable Training Assignments
· Regular Alerts
· Straightforward and Simple Reporting
· Automated Inspection
· Segmented Lists of Threat Indicators
· User-Friendly Interface
· 24/7 Technical Support
What customers are saying about Shopping Cart Monitor
“The WIM product has allowed us to help our smallest, most vulnerable merchants identify and address data security issues quickly. Our conversations have been much more meaningful as a result of this analysis.” Pilot Partner Bank
“SecurityMetrics has taken a very complicated process and made it simple.” John Wadsworth, VP of Operations, Higher Standards, Inc.
“I wanted to let you know that every experience I've had has been very positive, professional, and friendly.” Shelly Wells, Cornerstone Credit Services
“We've been extremely happy with the high level of support, simplicity and follow through from SecurityMetrics.” Tom Cooley, President, Versatalis Payment Solutions
Why work with SecurityMetrics for ecommerce security?
Pulse is available through the SecurityMetrics Threat Intelligence Center and is backed by 20-plus years of security industry experience, including over a million scans and thousands of security audits and investigations. With a focus on continuous improvement, innovation, and collaboration, SecurityMetrics Threat Intelligence Center teams work together and with customers to provide each business with the best products and services for their environment.
To discuss your network security needs, submit a quote request for Pulse here.
SecurityMetrics helps customers close data security and compliance gaps to avoid data breaches. They provide managed data security services and are certified to help customers achieve the highest data security and compliance standards.
As an Approved Scanning Vendor, Qualified Security Assessor, Certified Forensic Investigator, and Managed Security provider, SecurityMetrics guides organizations through compliance mandates (PCI, HIPAA, GDPR) and has tested over 1 million systems. The privately held company is headquartered in Orem, Utah, where it maintains a Security Operations Center (SOC) and 24/7 multilingual technical support.