The PCI (Payment Card Industry) Security Council weighed in recently on the Magecart skimming threat – you can read a summary of it over at Dark Reading. From the PCI bulletin, here are some best practices:
What are some DETECTION best practices?
- Use of vulnerability security assessment tools to test web applications for vulnerabilities
- Use of file-integrity monitoring or change-detection software
- Performing internal and external network vulnerability scans
- Performing periodic penetration testing to identify security weaknesses
What are some PREVENTION best practices?
- Implement malware protection and keep up to date
- Apply security patches for all software
- Restrict access to only what is absolutely needed and deny all other access by default
- Use strong authentication for all access to system components
Make sure your business is keeping this on its radar – especially if you’re processing payments online.