This entry was posted on April 14, 2015.
In a recent survey conducted of 2,000 Magento eCommerce stores, CollinsHarper Inc. found 2% of surveyed sites had been infected by an exploit that allowed credit cards and billing information to be transmitted to unauthorized third parties.Common Exploits
There are 5 common exploits that were found by CollinsHarper during this scan. These exploits included:
- a client side script injected into the site visitors’ browser that captured credit card and billing information during checkout that was then transmitted to a 3rd party server and;
- a server side vulnerability where credit card information was stored in the Magento web store for retrieval
The CH Fraud tool will check your site for client side exploits and, on request, CollinsHarper will conduct a server side check for vulnerabilities as well.
Please ensure you keep your magento site up to date with patches and the latest version.
Check Now
All of these exploits remove your PCI compliance which means your merchant account could be taken away at any time. For some stores, this might mean a loss of a few thousand dollars a day, for others, tens of thousands, while scrambling to regain their ability to charge credit cards.
