Virtual Card Skimming Poses a New Security Threat for Ecommerce Sites

Virtual Card Skimming Poses a New Security Threat for Ecommerce Sites

August 29, 2019         Written By Bill Hardekopf

After just 2.5 hours of research, Arxan Technologies found security holes on more than 80 global ecommerce sites. These retailers were unknowingly sending payment information to off-site servers through a process known as formjacking.

What Is Formjacking?

Formjacking is a form of virtual card skimming. Hackers insert malicious coding into the checkout area of an ecommerce site, directing a copy of the payment information to their servers. The codes are usually tied to a “submit” button, or some other step at the end of the transaction.

Featured Fair Credit Card

Top Features:

All credit types welcome to apply!

Much like traditional credit card skimmers, these codes can be difficult to detect. They may remain on a website for months or even years before someone notices them. By that time, the hackers could have collected countless credit card numbers, names, addresses, etc.

What Do Hackers Do with Collected Data?

Typically, a hacker will not sell or use the payment information right away. This would make the formjacking easier to detect and shut down. Rather, the hacker will sell the information on the dark web or wait a while to use the card details.

Data stolen through formjacking is often used for card-not-present fraud, an issue that has become increasingly popular since America transitioned to chip cards. Smartchips make card data difficult to duplicate, so criminals are unable to create physical card duplicates. With card-not-present fraud, a physical card is not required. The criminal can simply input the card details online and complete a transaction.

How Can Ecommerce Sites Prevent Formjacking?

Cybersecurity companies are constantly adapting their systems to combat new threats. In order to avoid formjacking, ecommerce sites must implement multiple layers of security and run frequent security checks on their websites and apps. If a virtual card skimmer is detected, the coding should be removed immediately, and customers should be notified of the incident.

The information contained within this article was accurate as of August 29, 2019. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website. Many of the offers on this article are from our affiliate partners, and LowCards.com may be compensated if you take action with any of our affiliate partners.

Review LowCards.com Editor’s Top Cards!

2020 Top Credit Cards by Category
Featured Fair Credit Card
Reflex Mastercard® Credit Card
EDITOR RATING
Featured Fair Credit Card
Reflex Mastercard® Credit Card

Applying for this card will securely direct you to the issuer's website.

Top Features: All credit types welcome to apply!

Featured Secured Card
Assent Platinum 0% Intro Rate Mastercard Secured Credit Card
EDITOR RATING
Featured Secured Card
Assent Platinum 0% Intro Rate Mastercard Secured Credit Card

Applying for this card will securely direct you to the issuer's website.

Top Features: Intro APR Offer on Purchases, No Annual Fee For First Year

Featured Bad Credit Card
First Digital NextGen Mastercard® Credit Card
EDITOR RATING
Featured Bad Credit Card
First Digital NextGen Mastercard® Credit Card

Applying for this card will securely direct you to the issuer's website.

Top Features: Reports to all three credit bureaus, perfect credit not required for approval

Featured Good Credit Card
Petal® Visa® Credit Card
EDITOR RATING
Featured Good Credit Card
Petal® Visa® Credit Card

Applying for this card will securely direct you to the issuer's website.

Top Features: No fees whatsoever. No late fee, international fee, annual fee, or any-other-kind-of-fee, fee


bill-hardekopf

About Bill Hardekopf

Bill Hardekopf is the CEO of LowCards.com and covers the credit card industry from all perspectives. Bill has been involved with personal finance for over 15 years. He is a frequent contributor to Forbes, The Street and The Christian Science Monitor.