This article was originally published in Elavon’s Payment Smart newsletter. The Washington Hospitality Association’s Payment Solutions is backed by U.S. Bank/Elavon.
Fighting fraud is a never-ending battle, with the landscape shifting every day. As we enter the busy holiday season, it’s especially important to employ techniques that proactively mitigate risks.
Especially troublesome is a cyber threat called digital skimming. In fact, Visa recently released a report that said digital skimming “remains among the top threats to eCommerce merchants, card-not-present data and the payments ecosystem.” [1] This form of data theft occurs when an attacker infects a commercial website with malicious code (malware) that “skims” payment card information as it is being entered into the website during payment, with the merchant and cardholder totally unaware.
There are no silver bullets to prevent these attacks, but Elavon’s Information Security team recommends the following actions to help mitigate risks:
- Keep your web server and application plugins up to date to maintain their performance and stability. If your website is run through a web hosting company, find out whether they offer automatic updates or give you the option to update the software on your website. If your website is not maintained by a web hosting company, you will need to update its plugins to stay secure.
- Review your company’s website content regularly to detect software that could introduce vulnerabilities into your website and lead to data theft.
- Check your website frequently for tampering. If you detect any unauthorized changes, you should:
  - Shut down your website temporarily. While your website is under maintenance, back up any data using a backup tool. A backup tool will create duplicates of computer files that can be used for restoring the original files.
  - If your website is run through a web hosting provider, contact them immediately. They should assist you in locating any vulnerabilities and removing the malware from your website.
  - Change all passwords related to your account.
  - Run a full virus scan using anti-virus software if your web-hosting provider has not done this already.
  - Warn your users that your website has been hacked and recommend that they change their passwords to your website.
- If you believe your website has been breached, make a list of any unauthorized activity, document the details, and contact local police, as well as the Internet Crime Complaint Center run by the FBI.
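
One way to carry out the "check your website frequently for tampering" step is to record a SHA-256 fingerprint of every file in the web root and compare later runs against it. This is an added example, not part of the original article or Elavon's tooling; the function names, the baseline file and the demo site are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile


def build_manifest(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def compare_manifests(baseline, current):
    """Return files added, removed or modified since the baseline was taken."""
    added = current.keys() - baseline.keys()
    removed = baseline.keys() - current.keys()
    modified = [p for p in baseline.keys() & current.keys() if baseline[p] != current[p]]
    return {"added": sorted(added), "removed": sorted(removed), "modified": sorted(modified)}


def check_site(web_root, baseline_path):
    """Compare web_root with the saved baseline; record one if none exists."""
    current = build_manifest(web_root)
    if not os.path.exists(baseline_path):
        with open(baseline_path, "w") as fh:
            json.dump(current, fh, indent=2, sort_keys=True)
        return None  # first run: baseline recorded, nothing to compare yet
    with open(baseline_path) as fh:
        return compare_manifests(json.load(fh), current)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed demo site
        site = os.path.join(tmp, "site")
        os.makedirs(os.path.join(site, "js"))
        with open(os.path.join(site, "js", "checkout.js"), "w") as fh:
            fh.write("submitPayment();\n")
        baseline = os.path.join(tmp, "baseline.json")  # kept outside the web root
        check_site(site, baseline)
        with open(os.path.join(site, "js", "checkout.js"), "a") as fh:
            fh.write("// unexpected edit\n")
        print(check_site(site, baseline))
```

Keep the baseline file somewhere other than the web server it describes, and record a fresh baseline after each update you make yourself, so that anything the comparison reports is a change you did not authorize.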
By using these tips, you can create an additional line of defense that will drive a defensive wedge between your business and the elusive digital skimmers who want to access your customer and payment information.
[1] Visa Security Alert, August 2021: Digital Skimming Indicators of Compromise