Pipka was actually running on a website already infected with another skimmer, named Inter. Pipka lets attackers see what form fields are parsed and extracted, and that includes incredibly important data such as payment account number, expiration date, CVV, and cardholder name and address.
Moreover, Pipka is not a proof of concept. It was already running in the wild when the researchers from Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program found it. Which only means that it might be more widespread.