If a site is particularly vulnerable, it may even be subject to a man-in-the-middle attack. This occurs when an unauthorized third party positions itself between the sender of sensitive data and the recipient of the data. So while a payment platform is collecting information, a hacker sees the information being transferred.
Hackers may also resort to malicious redirection. So while visitors believe that they’re going to their favorite shopping site, they may be diverted to a fake site where they’re vulnerable to attack.
Once the information is obtained, hackers can commit synthetic identity theft, in which the attacker impersonates someone using their personal information. Malicious attackers often target customers, but could also pose a threat to ecommerce merchants. If a fraudulent order is accepted, the merchant could stand to lose not only merchandise but also be slapped with a chargeback fee, which occurs when a purchase is forfeited.