There are 5 common exploits that were found by CollinsHarper during this scan. These exploits included:
- a client side script injected into the site visitors’ browser that captured credit card and billing information during checkout that was then transmitted to a 3rd party server and;
- a server side vulnerability where credit card information was stored in the Magento web store for retrieval
The CH Fraud tool will check your site for client side exploits and, on request, CollinsHarper will conduct a server side check for vulnerabilities as well.
Please ensure you keep your magento site up to date with patches and the latest version.
All of these exploits remove your PCI compliance which means your merchant account could be taken away at any time. For some stores, this might mean a loss of a few thousand dollars a day, for others, tens of thousands, while scrambling to regain their ability to charge credit cards.