SecurityMetrics Forensic Team Reports New iFrame Payment Gateway Attack Vector

News provided by

SecurityMetrics

Mar 23, 2021, 08:13 ET

OREM, Utah, March 23, 2021 /PRNewswire/ -- iFrames are a popular option for e-commerce merchants to maintain PCI DSS compliance. iFrames allow payment processors to take on the complexity of compliance and merchants can tend to their business.

But as more merchants move to iFrames, so do hackers. SecurityMetrics forensic investigators have recently found new sophisticated iFrame attacks that are leading to merchant e-commerce credit card theft.

A lot of time and effort has gone into making the contents of payment iFrames more secure and ensuring the card data remains unavailable to bad actors. However, an iFrame is still an HTML element rendered in the customer's browser.

"All an attacker needs to do is find any area of the website or the customer's browser where they can execute JavaScript commands against the iFrame tag," said Aaron Willis (PFI, CISSP, QSA, Senior Forensic Analyst at SecurityMetrics).

Click here to watch a demo of an iFrame hack.

SecurityMetrics has contacted their customers about this issue and is offering promotions for vulnerability scans to help merchants keep their data and their reputation safe.

E-commerce merchants should know that iFrame payment gateways are not totally secure, and can do the following to work on their security posture:

  • Perform a vulnerability scan from an PCI Approved Scan Vendor (PCI ASV) and work with hosting companies to address any discovered issues.
  • For SecurityMetrics customers, technology providers can be added to a customer account to answer SAQ questions, review scan results, and initiate subsequent scans.
  • Move to a web hosting solution that can be PCI DSS-validated.
  • Upgrade your shopping cart solution.
  • Maintain an incident response plan.

If you have questions about iFrame and e-commerce payment security, please visit us here.

For press inquiries, contact Meagan Elguera at 801-372-1705 or [email protected].

SOURCE SecurityMetrics

Related Links

http://www.securitymetrics.com

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3
440k+
Newsrooms &
Influencers
icon1
9k+
Digital Media
Outlets
icon2
270k+
Journalists
Opted In
GET STARTED