Hidden Code on Shopping Websites Could Steal Your Credit Card Information
Checkout pages run many hidden scripts from third parties. New security rules require online stores to monitor these better to protect your payment info.
Source
The Hacker News
Original headline: The Scripts on Your Checkout Page Are Now a PCI DSS Problem
Plain-English summary by GetCyberRight. Read the full report at the source above.
When you enter your credit card number on a website checkout page, you are not just interacting with that store's code. Modern checkout pages load dozens of hidden scripts from third-party companies: analytics tools, customer support widgets, payment processors, and advertising trackers. Any one of these scripts could potentially be compromised to steal credit card information as you type it. New payment security rules now require online merchants to monitor and control these third-party scripts more carefully. This affects anyone who shops online. Every time you enter payment information on a website, multiple companies beyond the store itself have code running on that page. If one of those third-party services gets hacked or turns malicious, your credit card details could be captured. The new rules from PCI DSS (the organization that sets credit card security standards) aim to force online stores to pay closer attention to what code runs on their checkout pages.
To protect yourself when shopping online, follow these steps. First, use credit cards instead of debit cards for online purchases, as credit cards offer better fraud protection. Second, enable transaction alerts from your credit card company so you are notified immediately of any charges. Third, check your credit card statements weekly rather than monthly to catch fraudulent charges quickly. Fourth, consider using virtual card numbers or services like Privacy.com that generate one-time card numbers for online purchases. Long term, shop primarily with well-known, established retailers that have resources to implement strong security measures. Avoid entering payment information on unfamiliar websites or those that seem poorly maintained. Consider using payment services like PayPal or Apple Pay when available, as these add an extra layer between your actual card number and the merchant. Teaching your teenagers these habits now will protect them as they start shopping online independently.
Curated from trusted cybersecurity sources by GetCyberRight
Source: The Hacker NewsStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
The Hidden Risk Companies Create When Employees Leave (And What It Means)
AI tools given access to company systems often stay active long after employees depart, creating hidden security holes that affect everyone's data.
3 min readOrphaned AI Agents: The Hidden Risk at Your Workplace
Companies are losing track of AI tools accessing sensitive data. This creates serious security risks that could affect you and your family's information.
4 min read
Apple's Updated Siri Shows Promise But Still Needs Improvement.
The newest version of Siri on Mac computers has new features, but testing shows Apple still has work to do before it matches other AI assistants.
2 min readOnline Shopping Checkout Pages Face New Security Requirements
Payment card security rules now cover all the tracking scripts on checkout pages. This pushes stores to protect customer card data better but requires no action from shoppers.
2 min read