The perpetrators appear to be unique among Magecart-using groups at this stage. They not only don’t share much in common with other groups, they crafted their attack specifically with PrismRBS’ software in mind. There might even be a custom receiver system instead of a ready-made skimming kit popular among cybercriminals.

PrismRBS said it had learned of the breach on April 26th and “immediately” reacted, including efforts to stop the attack, launch an investigation and contact customers as well as law enforcement and payment card providers. It’s promising to bolster the security of its platform and conduct a “comprehensive end-to-end audit.”

There are tools that can block the scripts and the internet domains used for remote data theft. The challenge, as is often the case, is getting companies to adopt. Even if their payment software is up to date, they might not be aware of the possibility for card skimming hacks or have security tools to thwart them. And when the attacks can be highly effective, there’s plenty of incentive for crooks to find these soft targets.