‘Almost 6,000 web shops are unknowingly harbouring malicious code that is stealing the credit card details of customers, suggests research.The code has been injected into the sites by cyberthieves, said Dutch developer Willem De Groot.He found the 5,925 compromised sites by scanning for the specific signature of the data-stealing code in website software.Some of the stolen data was sent to servers based in Russia, he said.’ – BBC
I was wandering around an online service the other day and when I decided to pay for one of their offerings I was presented with a screen full of payment options. It looked amazingly customer friendly at first but then hovering my mouse over the blocks of specific payment options they all turned out to be fancy URLs of highly suspicious East European or Russian domains.
After careful consideration (which might not be amongst the obvious built-in abilities of the average customer) I decided to leave conventional bank card payments options on the table and turned my attention to the box with a bitcoin logo on it.
As you might have already heard, bitcoin is good for several cool things other than paying ransom and this is one those nice features. Bitcoin payments (besides being anonymous) are a safe way to pay for services so I used up some of the content of my bitcoin wallet and left all the tricky URLs for more unfortunate users.
But not all of us are lucky enough to have a bitcoin purse. If you are not in the mood to register at one of the legal and safe providers (i.e. Coinbase) you could still easily set up a Paypal account for digital payment (you could even use your credit card through Paypal to pay) in minutes.
So why bother using your credit card anymore?
But there is another aspect of this interesting enough to bite into it for a few words: “New cases could be stopped right away if store owners would upgrade their software regularly,” – said the researcher who found these nearly 6000 infected web pages.
As a former webshop operator, I have to tell you something. Most of these (especially small businesses) are not professional IT machines. They are not running a 24/7 IT service, but most likely even if they hire a company to take care of their shop they are definitely not updating shop engines and codes every time a new patch comes out. This is simply financially and operationally not feasible.
So until the software is available to do this by itself without endangering daily operations, shopkeepers will only do pent tests or security checks once or twice a year max. Between these check-ups most websites will remain as vulnerable as they are today.
Deal with it. Use Paypal or Bitcoin.