iFrames are a popular option for e-commerce merchants to maintain PCI DSS compliance. iFrames allow payment processors to take on the complexity of compliance so that merchants can tend to their business.
But as more merchants move to iFrames, so do hackers. SecurityMetrics forensic investigators have recently found new, sophisticated iFrame attacks that are leading to credit card theft from e-commerce merchants.
A lot of time and effort has gone into making the contents of payment iFrames more secure and ensuring the card data remains unavailable to bad actors. However, an iFrame is still an HTML element rendered in the customer’s browser.
SecurityMetrics has contacted their customers about this issue and is offering promotions for vulnerability scans to help merchants keep their data and their reputation safe.
E-commerce merchants should know that iFrame payment gateways are not totally secure. They can take the following steps to improve their security posture:
- Perform a vulnerability scan from a PCI Approved Scan Vendor (PCI ASV) and work with hosting companies to address any discovered issues.
- For SecurityMetrics customers, technology providers can be added to a customer account to answer SAQ questions, review scan results, and initiate subsequent scans.
- Move to a web hosting solution that can be PCI DSS-validated.
- Upgrade your shopping cart solution.
- Maintain an incident response plan.