Whether your eCommerce business uses SagePay, WorldPay, Verifone, Adyen, Ingenico, Ogone, Stripe, or in fact, any other payment processor's outsourced payment acceptance model, this malware *will* still be able to steal your customer data - if your website is insecure.
Unfortunately a lot of online businesses believe that because they have bought an outsourced payment solution from their payment service provider, that they are secure.
This is incorrect - if the website is not secure, then regardless of who is processing the payment, the payment data can be stolen.
Read more for the details.
Much has been made of the Magento Shoplift vulnerability from the beginning of the year, and we have certainly seen a notable uplift in Magento related investigations on the back of it. A trend that we have observed over recent weeks involves a variation to the Shoplift attacks, designed to steal payment card data from outsourced payment models - including hosted payment pages and iframes as provided by all major payment processors.