Magecart Hackers Perfect Fake Checkout Pages

Virtual credit cards just keep looking more and more like a compelling option...

shapelessed

Magecarts sabotaging one another is actually funny

thoughtfulwaffler

Cool to see you experimenting with the new format 👍

Shrekwhen

Since day one, or back when the internet was revealed to be as vulnerable as it is in the nineties, credit card companies have done so little to make information transfer secure. Just watching this video, I thought of a security feature which would thwart this kind of attack. Depending on the average frequency of transactions, a cc company could essentially "ping" transactions at odd intervals and insure that the transaction is processed through the proper channels. But like all financial instruments, credit card companies are relieved of responsibility before anyone else. But keeping criminals fat and happy is probably what has kept the U.S. financial system afloat. It certainly is criminal to turn the onus of opsec into an externality by shifting it to the consumer or the retailer.

SameAsAnyOtherStranger

For years i have been using a dedicated debit card for online stuff. I just transfer money from another account into it when i want to buy something. The rest of the time it only has about 10-20$ in it to cover things like icloud subscriptions etc.

TheColinputer

Interesting how cc numbers sell for as little as 15 cents, which happens to be pretty much the same amount Ticketmaster got fined - 13.3p x 9.4M victims.
No wonder protecting personal data is such a low priority. The banks would have had to reissue 9.4M cards, include postage costs and that's an order of magnitude greater than the 'fine'...

georgeprout

I love how they stabotage one another. It actually is helpful, and also funny.

midimusicforever

There is another interesting similiar approach where you fake a Browser inside the Browser window to ask for login details. It even detects if you use chrome or safari and if its windows or mac for the designs. But this Checkout Popup is a wild one!

socialdamage

2FA and 3D Secure are essential, but also nullify some claims.
There is no perfect solution when dealing with e-commerce fraud

metcaelfe

Damn dude! Quality is getting too good! And voice overs are just on 🔥 fire!

s.h.i.e.l.d

1. the actual french site is un-redacted for a frame or so in the video
2. changing just the last number for a credit card won't actually affect much, it's a check digit and can easily be fixed.

gFamWeb

Well, Mercadopago it's not a random payment processor, it's probably one of the biggest ones 😂

tobiaskap

awsome vid mate. are u aware of any protections for this as a customer on these sites.

zacpackman

15£ admin fee for the bank for not spotting a fraudulent transaction on their multibillion pound computer

kmcat

5 time's in 9 months I have had to replace my debit card because of this.
I have ALL kinds of security settings set up with my bank now. I get notices for everything even if it a$1.00 now.
Fortunately, they have not profited from me yet. It is just very annoying to call all the people who are on prepaid payments for my responsibilities.

IamwhoIam

how are the bad actors able to inject the malicious code?

surely they cant be compromising the buyer's end they have to exploiting a vulnerability in the magento shopping cart software and the server?

ejonesss

How often do you guys look at you creditcard while having htop open?

VincentFischer

How do the hackers obtain the credit card information when almost all new browser have CORS disabled by default, which prevents data being send from a legitimate website to a fraudulent website?

christianbrzeski

I can't believe payments without 2fa are still a thing in some places...

lucasmenten

thank you for the heads-up! That's crazy. Do I understand correctly that there is no way to tell from a regular end-user's perspective?
Would it help to always cancel the first payment gateway window that opens and click on the payment again, or not really?

jaromir_kovar