For issuing banks
● Notify users of possible risks in the online payment process when using bank cards.
● If payment cards related to your bank have been compromised, block these cards and notify the users that the eCommerce store has been infected with a payment card sniffer.
● Receive first-hand reports about compromised card sales on the dark web. Check the databases offered for sale for cards issued by your bank.
To access unique closed sources and improve your visibility into underground card shops, you may use Group-IB Threat Intelligence & Attribution.
● Prevent fraud with stolen credit cards and protect your customers' digital identity. An example of such a solution is the Group-IB Fraud Hunting Platform.
For eCommerce website administrators
● Use complex and unique passwords to access the website's admin panel and any services used for administration, for example phpMyAdmin or Adminer. If possible, set up two-factor authentication.
● Install all necessary updates for the software you use, including the website's CMS. Do not use outdated or unsupported versions of the CMS. This will help to reduce the risk of servers being compromised and make it more difficult for an attacker to upload a web shell and install malicious code.
● Regularly check the store for malware and conduct regular security audits of your website. For example, for websites based on the Magento CMS, you can use the Magento Security Scan Tool.
● Conduct a complex security assessment of your website to discover all possible vulnerabilities, get information about existing exploits, and receive in-depth recommendations to eliminate them.
● Use the appropriate systems to log all changes that occur on the website, as well as to log access to the website's control panel and database and track file change dates. This will help you to detect website files infected with malicious code, as well as track unauthorized access to the website or web server.
For payment systems/payment processing banks
● Ensure that your services use a correctly configured Content Security Policy.
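One way to check whether a Content Security Policy is configured tightly enough to hinder an injected payment card sniffer is to audit the header value for directives that still allow arbitrary script loading or outbound data. The script below is an added example, not code from the original report; the function names and both sample policies (including the host pay.example) are constructed for illustration.

```python
# Added example: flag CSP settings that would let an injected sniffer load or send data out.
BROAD = {"*", "http:", "https:", "data:"}              # sources that match almost any origin
FALLS_BACK = ("script-src", "connect-src", "img-src")  # these inherit default-src when absent

def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(header):
    """Return (directive, problem) pairs for a Content-Security-Policy header value."""
    policy = parse_csp(header)
    findings = []
    for name in FALLS_BACK:
        sources = policy.get(name, policy.get("default-src"))
        if sources is None:
            findings.append((name, "unrestricted: directive and default-src both missing"))
            continue
        lowered = [s.lower() for s in sources]
        findings += [(name, f"broad source {s}") for s in lowered if s in BROAD]
        if name == "script-src" and "'unsafe-inline'" in lowered:
            # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
            if not any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                       for s in lowered):
                findings.append((name, "inline scripts allowed ('unsafe-inline')"))
    # form-action does not inherit default-src, so it must be set explicitly.
    if "form-action" not in policy:
        findings.append(("form-action", "missing: forms may submit to any origin"))
    elif any(s.lower() in BROAD for s in policy["form-action"]):
        findings.append(("form-action", "broad source"))
    return findings

# Constructed sample policies, not taken from any real site.
WEAK = "default-src *; script-src 'self' 'unsafe-inline' https:"
STRICT = ("default-src 'none'; script-src 'self' 'nonce-R4nd0m'; connect-src 'self'; "
          "img-src 'self'; form-action 'self' https://pay.example")

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_csp(header))
```

The weak policy yields five findings (two on script-src, one each on connect-src, img-src and form-action), while the strict one yields none.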