Visa’s plan against Magecart attacks: Devalue and disrupt
Payments processor Visa does not intend to stand idle and watch as the current epidemy of Magecart (web skimming) attacks continues to rage unchallenged.
Beginning last summer, Visa begun throwing considerable resources at combating Magecart — a type of attack were cybercriminals hack into an online store to plant malware that collects payment card data as users enter personal details in checkout forms.
Speaking to ZDNet in a phone interview this week, Visa Senior Director of Payment Systems Intelligence David Capezza says Visa’s strategy against Magecart groups is to “devalue and distrupt.”
Through this approach Capezza says Visa aims to devalue the data attackers can steal from online stores, and then disrupt existing operations and prevent future attacks.
Visa’s plan to devalue payment card data involves the rollout of new technologies like the Visa Token Service and Click To Pay systems.
The Visa Token Service is a new payment mechanic through which payment card numbers and details are replaced by a token. This token validates the transaction against Visa’s servers, but its useless to attackers as it doesn’t contain any data cybercriminals can use to sell or clone cards.
This novel tokenization system will be coupled with the new Click To Pay technology that Visa and fellow card providers have been working on for the past few few years, and which they recently began rolling out across the US.
With Click To Pay, multiple card providers have banded together to create a common “Click to Pay” button that vendors can add to their online stores. Users only have to enter their card details once, and then click the button to buy products across the internet, without having to re-enter card details on each store.
Since users don’t have to enter card details on online stores, there’s nothing Magecart hackers can steal.
Both technologies were created to simplify online shopping, but they both happened to come along at the right time to help fight off Magecart attacks.
Visa says this new simplified online checkout experience will replace Visa Checkout in the US starting January 2020, and will continue to expand globally through the end of 2020 to additional markets.
However, as Visa and its partners on the payments market are rolling this new checkout experience to a broader audience, Visa’s security team has also been spending its time disrupting existing Magecart operations as much as possible.
Capezza told ZDNet that Visa’s security engineers have been proactively going after command and control servers used by Magecart groups since last year, and working with hosting providers to take out existing operations.
Further, to help identify new Magecart campaigns, Visa has also developed the eCommerce Threat Disruption (eTD) platform.
According to Visa, the platform actively analyzes merchant websites for malicious payment-data-skimming malware. Once a threat is identified, the Visa Payment Fraud Disruption (PFD) team notifies store owners and provides free guidance on how to remove the malware.
Through this mechanism, Visa was able to identify Pipka last September, a new form of Magecart malware that was being deployed in the wild at the time. In addition, an alert from the eTD platform also helped avoid up to $141 million in losses following “a widespread online service provider compromise.”