Jane immediately calls her bank. Of course, this is not the bank’s first rodeo, so they void the charges and cancel Jane’s credit card. The bank agrees to send her a replacement VISA card within 48 hours, with a new credit card number, CCV, and expiration date. Jane is thrilled that the bank resolved the credit card charges quickly, but now she can’t make any credit card purchases for the next two days. However, the fun doesn’t stop there. Jane must now change her payment details on every website and subscription service where she used her old card for payment. Jane thinks to herself: “Great, there goes several hours of my life I won’t get back.”
What Jane and her bank do not know is how and where her credit card information was stolen. Jane is a frequent online shopper and is now questioning if she still wants to do business with her usual organizations.
A few months later, Jane reads the news. Her favorite airline had a significant data breach. Hackers managed to infiltrate the client side of her favorite airline’s website and skim her credit card data when she booked her flight to New York.
As confirmation of her suspicion that her credit card information was stolen on the airline website, she also receives an email from the airline explaining that she is one of up to 380,000 people whose credit card details and traveler information, including email, name, and address, were stolen in a web skimming attack by the Magecart criminal group.
Jane vows to try a different airline next time she is planning a trip.
Sounds pretty relatable, right? The majority of breaches of this type involve malware-based skimming on legitimate business websites that goes undetected for weeks or even months.