Trust? We've heard of it, but that was a few years ago.
We've recently had a corporate card skimmed; the card company caught it very quickly and called us, and it's been cancelled and replaced.
The problem has been sorted, but I'm seeing a follow-up attack. It looks like they found the cardholder details and email address; they are now sending the user spoof emails pretending to be from the card company about the card replacement: "just click here to confirm" ... except the link is to annex.my or somewhere. Uptick of SalesOrder.iso files too.
These hacks can go on and on after the event.
Then, of course, the page stops working. But any web dev who relies on client-side scripting on a payments page should be barred permanently from the trade. Nothing sensitive or state-changing should ever be done client side (hence the invention of POST). It needs more expertise to do the job server-side, and that's the whole thing: a fundamental lack of expertise in those tasked with mission- and security-critical systems development.
"implemented additional security safeguards"
You mean like actually checking what code is actually running on your fscking website? It bothers me how massive and bloated websites have become, and how they've got to the point where it is impossible to actually audit the things, due to the massive amounts of 3rd-party code that gets loaded so the page can show some sparkly menu or have a sliding effect that no one gives a shit about.
I really miss the days when even the most complicated of websites could be audited by a single person with a text editor and basic skills in HTML, CSS, and whatever language the CGIs were written in (and that language almost always being something ubiquitous like shell scripts or C).
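The commenter's point is that nobody can answer "what code is actually running on this page?" once dozens of third-party scripts are pulled in. The following is an added example (not the commenter's code, and not tied to any site named in the thread) of the first step of such an audit: inventory every external `<script>` a page loads, classify it as first- or third-party by host, and flag third-party sources that are either not on an approved list or carry no Subresource Integrity hash, so a swapped CDN file would load unnoticed. The page HTML, the hostnames `shop.example`, `cdn.example-static.net` and `stats.example-analytics.net`, and the integrity value are all constructed for the example.

```python
"""Inventory the <script> tags a page loads and flag third-party ones that
are unapproved or lack an SRI integrity attribute. Added example; hosts and
HTML below are constructed, not taken from any real site."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Collect attribute dicts for every <script src=...>; count inline ones."""

    def __init__(self):
        super().__init__()
        self.external = []   # list of attr dicts for <script src="...">
        self.inline = 0      # number of inline <script> bodies

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        # HTMLParser lowercases attribute names; values may be None.
        a = {k: (v or "") for k, v in attrs}
        if a.get("src"):
            self.external.append(a)
        else:
            self.inline += 1


def audit_scripts(html, site_host, allowlist=frozenset()):
    """Return an inventory of external scripts with a per-entry flag.

    A script is flagged when it is third-party (host differs from site_host)
    and either its host is not in the allowlist or it has no integrity hash.
    Relative URLs (no host) are treated as first-party.
    """
    c = _ScriptCollector()
    c.feed(html)
    c.close()
    site_host = site_host.lower()
    findings = []
    for a in c.external:
        src = a["src"]
        host = urlparse(src).netloc.lower() or site_host
        third_party = host != site_host
        has_sri = bool(a.get("integrity"))
        findings.append({
            "src": src,
            "host": host,
            "third_party": third_party,
            "allowlisted": host in allowlist,
            "has_sri": has_sri,
            "flag": third_party and (host not in allowlist or not has_sri),
        })
    return {"inline_scripts": c.inline, "scripts": findings}


def flagged_sources(html, site_host, allowlist=frozenset()):
    """Just the src values that an auditor should go and look at."""
    report = audit_scripts(html, site_host, allowlist)
    return [f["src"] for f in report["scripts"] if f["flag"]]


# Constructed sample page: one first-party script, one pinned CDN script,
# one unpinned analytics script, one inline block.
SAMPLE_HTML = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example-static.net/lib.js"
        integrity="sha384-CONSTRUCTEDHASHVALUE" crossorigin="anonymous"></script>
<script src="//stats.example-analytics.net/t.js"></script>
<script>window.cfg = {};</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for src in flagged_sources(SAMPLE_HTML, "shop.example",
                               {"cdn.example-static.net"}):
        print("review:", src)
```

With the CDN host approved, only the protocol-relative analytics script is flagged; with an empty allowlist the CDN script is flagged too, even though it carries an integrity hash, because an unapproved origin is a finding regardless of pinning. Feeding the script the served HTML (for example via a fetch with the site's own cookies) rather than the repository copy is what catches code injected at the edge or by a compromised build.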
Re: "implemented additional security safeguards"
And cursory auditing of a website, a first look to see if something raises a flag in order to investigate further, is a rudimentary joke that takes only basic skills. Drill down through your directory structure and look for signs of recent changes in the timestamps.
That's it. Yet, as you well noted, not a SINGLE person bothered to security-check the website on an ongoing basis?
The entire IT department either needs a humiliating spanking or an outright firing. As you, again, well noted, not a single person could figure this out and accomplish a simple, continuous website oversight, never-you-mind a true audit?!
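The "look for recent timestamps" check above is quick to script, and the following added example (my code, not the commenter's) does exactly that over a web root, plus the step a practitioner would add: a SHA-256 baseline of every file, diffed on each run. The reason for the second step is that an attacker who edits a file can reset its mtime to the old value (timestomping), which a timestamp-only sweep will miss; a content hash cannot be reset that way. The example builds a throwaway directory with a fake `checkout.js` and a dropped `jquery-min.php`, both constructed for the demo, and shows that the timestamp scan catches only the dropped file while the baseline diff catches both.

```python
"""Quick-look web root audit: recent-mtime scan plus a hash baseline diff.
Added example; the web root, file names and contents are constructed."""
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _files(root):
    """All regular files under root, in a stable order."""
    return sorted(p for p in Path(root).rglob("*") if p.is_file())


def build_baseline(root):
    """Map relative POSIX path -> sha256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in _files(root)}


def recently_modified(root, max_age_days=7, now=None):
    """The timestamp sweep: files whose mtime falls inside the window."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    root = Path(root)
    return sorted(p.relative_to(root).as_posix()
                  for p in _files(root) if p.stat().st_mtime >= cutoff)


def diff_against_baseline(root, baseline):
    """Compare the current tree with a stored baseline of hashes."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in current
                           if k in baseline and current[k] != baseline[k]),
    }


def demo():
    """Constructed scenario in a temp dir; returns both scans' results."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    (root / "js").mkdir()
    (root / "index.html").write_text("<html>ok</html>\n")
    (root / "js" / "checkout.js").write_text("function pay(){}\n")
    # Age every file a month so nothing legitimately looks "recent".
    month_ago = time.time() - 30 * 86400
    for p in _files(root):
        os.utime(p, (month_ago, month_ago))
    baseline = build_baseline(root)  # what you would store after a known-good deploy

    # Simulated tamper 1: skimmer appended, then mtime set back (timestomping).
    target = root / "js" / "checkout.js"
    target.write_text("function pay(){};fetch('https://example.invalid/c')\n")
    os.utime(target, (month_ago, month_ago))
    # Simulated tamper 2: a dropped file that keeps its fresh mtime.
    (root / "js" / "jquery-min.php").write_text("<?php /* dropper */ ?>\n")

    return {
        "recent": recently_modified(root),
        "diff": diff_against_baseline(root, baseline),
    }


if __name__ == "__main__":
    result = demo()
    print("recent mtimes:", result["recent"])
    print("baseline diff:", result["diff"])
```

In practice the baseline is written at deploy time and kept off the web server (an attacker with write access to the document root can otherwise rewrite it), and the diff is run on a schedule rather than "when someone remembers". Anything in `added` or `modified` that is not explained by a deploy is the flag the commenter is describing.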