Virtual Card Skimming Poses a New Security Threat for Ecommerce Sites

Virtual Card Skimming Poses a New Security Threat for Ecommerce Sites

August 29, 2019         Written By Bill Hardekopf

After just 2.5 hours of research, Arxan Technologies found security holes on more than 80 global ecommerce sites. These retailers were unknowingly sending payment information to off-site servers through a process known as formjacking.

What Is Formjacking?

Formjacking is a form of virtual card skimming. Hackers insert malicious coding into the checkout area of an ecommerce site, directing a copy of the payment information to their servers. The codes are usually tied to a “submit” button, or some other step at the end of the transaction.

Much like traditional credit card skimmers, these codes can be difficult to detect. They may remain on a website for months or even years before someone notices them. By that time, the hackers could have collected countless credit card numbers, names, addresses, etc.

What Do Hackers Do with Collected Data?

Typically, a hacker will not sell or use the payment information right away. This would make the formjacking easier to detect and shut down. Rather, the hacker will sell the information on the dark web or wait a while to use the card details.

Data stolen through formjacking is often used for card-not-present fraud, an issue that has become increasingly popular since America transitioned to chip cards. Smartchips make card data difficult to duplicate, so criminals are unable to create physical card duplicates. With card-not-present fraud, a physical card is not required. The criminal can simply input the card details online and complete a transaction.

How Can Ecommerce Sites Prevent Formjacking?

Cybersecurity companies are constantly adapting their systems to combat new threats. In order to avoid formjacking, ecommerce sites must implement multiple layers of security and run frequent security checks on their websites and apps. If a virtual card skimmer is detected, the coding should be removed immediately, and customers should be notified of the incident.



The information contained within this article was accurate as of August 29, 2019. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


bill-hardekopf

About Bill Hardekopf

Bill Hardekopf is the CEO of LowCards.com and covers the credit card industry from all perspectives. Bill has been involved with personal finance for over 15 years. He is a frequent contributor to Forbes, The Street and The Christian Science Monitor.
View all posts by Bill Hardekopf
Featured Low Interest Card
Top Features : 1.25X miles on every purchase; no annual fee; bonus of 20,000 miles once $1,000 is spent in first 3 months
Featured Cash Back Card
Top Features : No Annual Fee, Bonus Offer, Cash Back
Featured No Annual Fee Card
Top Features : Earn cash back twice. 1% when you buy plus 1% as you pay; 0% APR for 18 months on balance transfers
Featured Bad Credit Card
Top Features : No Annual Fee; Cash Back match at the end of your first year; Social Security Alerts
Featured Fair Credit Card
Top Features : No annual fee; access to higher credit line after making first 5 monthly payments on time
Featured Limited/No Credit
Top Features : No annual fee; reports to major credit bureaus; access to higher credit line after making first 5 monthly payments on time