It's skimming credit card data at the point of use. Physical terminal or webpage... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

throwaway201103 on Nov 11, 2020 | parent | context | favorite | on: A new skimmer uses WebSockets and a fake credit ca...

It's skimming credit card data at the point of use. Physical terminal or webpage doesn't seem a big distinction. The end result is the same, and it is a term that the general public is more likely to have heard. "Script injection" doesn't mean anything to to the average consumer.

reactordev on Nov 12, 2020 [–]

Script injection is bad and all but doesn’t convey the fact that sensitive data is being sent to 3rd parties. Skimming, or card skimmer, immediately triggers thoughts of exfiltration.

I support the use of the term in this case.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact