Discover Ecommerce Solutions
Everyday, hackers quietly steal data from thousands of webpages in web skimming attacks. Also known as Magecart, formjacking, and JavaScript skimming, web skimming falls under the umbrella of supply chain attacks and costs retailers hundreds of millions of dollars in damages.
Web skimming is difficult to detect and prevent. It takes place outside of servers and firewalls, in the rendered code of the client-side browser. Additionally, traditional security tools and policies were not designed to detect web skimming or to work in dynamic environments like online retail shopping carts.
SecurityMetrics Analysts discovered the root of these attacks and have developed a patented web skimming solution: Webpage Integrity Monitoring (WIM) technology. WIM technology can detect web skimming at the moment it is triggered and will alert a merchant if a webpage has been compromised.
Targeted
Accurate
Comprehensive
No Downtime
24/7 Technical Support
WIM finds hidden vulnerabilities only present on shopping cart webpages.
WIM technology gives you high confidence in your purchase page integrity.
WIM checks for all types of web skimming on all types of shopping cart technology.
Merchant is not require to alter or modify webpages in any way to use WIM technology.
SecurityMetrics Support Agents are friendly and available to you 24/7. Their support is backed by over 20 years of industry experience.
Cybercriminals know when your patches and software support expire, and they count on the resulting vulnerabilities to perform coordinated zero-day exploits.
They commonly hack into smaller third parties with less security–like page analytics or ad providers–and insert small snippets of JavaScript that will be brought into the dynamic payment processing environment of a checkout page. This script is malicious and is coded to copy data from form fields on checkout webpages.
There are no red flags or signs that a webpage contains malicious code. Consumers cannot detect web skimming, and it's very difficult for merchant or payment processor to know something is wrong.
The customer will fill out and submit the payment information as usual.
The malcious code snippets are programmed to trigger when a customer performs a specific action–like entering data in the address or CVV field.
Once triggered, the code scrapes the user's information and sends it to a location of the attacker's choosing; likely a database where it will be packaged and sold on the dark web.
Web skimming takes place at the moment of checkout, in a dynamic environment, and beyond the reach of antivirus, vulnerability scanning, and file integrity monitoring (FIM). SecurityMetrics patented web skimming solutions and services use the following steps to detect and prevent the theft of sensitive payment data:
WIM technology simulates a purchase on your webpage.
The program automatically searches the client-side browser code for irregular JavaScript.
WIM technology determines if JavaScript is malicious or legitimate.
If code is malicious, an alert is sent to the client.
WIM technology is protected by any or all of the following patents and other pending applications: U.S. Patent No. 10,289,836.
Whether your online business is small or large, if you take payments online, your customers' data is vulnerable to web skimming. But, these attacks are preventable.
WIM technology products and services are scalable and customizable for all businesses and industries.
For over 20 years, SecurityMetrics’ Forensic Team has helped merchants recover from crippling data breaches and security incidents. Our team has inspected thousands of web pages for ecommerce skimming. Our analysts monitor current hacking trends and continually adjust the Webpage Integrity Monitoring technology
If your business has ecommerce web pages and you would like to know if you’ve been compromised, please contact us below.
.pdf.transform/resourceList/img.jpg)
The WIM product has allowed us to help our smallest, most vulnerable merchants identify and address data security issues quickly. Our conversations have been much more meaningful as a result of this analysis.
