Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we reported that 20% of our incident response investigations related to e-commerce sites. This was up from 9% the year before. In my part of the world (Asia-Pacific), this figure is closer to 40%. In almost all of these cases the motive was simple - the theft of credit card data.
In order to better defend against e-commerce attacks, we must first understand them better. In our experience, there are three common methods for e-commerce sites to accept payment cards.