Find out more about webpage integrity monitoring

Webpage Itegrity Monitoring/banner-webpage-integrity-monitoring

Webpage Integrity Monitoring (WIM)

Webpage Integrity Monitoring (WIM)

WIM technology helps you detect and prevent formjacking on your ecommerce site.

What is Formjacking and How Can You Detect It?

Formjacking, also known as JavaScript skimming or card skimming, is a type of cyber attack where hackers use JavaScript code to steal payment card data from an e-commerce website. When a site visitor enters their payment card information into a form and hits submit, that malicious code collects the payment card number–as well as other information like the customer’s name, address, and phone number. The code then sends this information to another location of the attackers’ choosing.

Webpage Integrity Monitoring Solutions

Webpage Integrity Monitoring technology is used in two products, Shopping Cart Inspect and Shopping Cart Monitor.

  • Shopping Cart Inspect: One time evaluation of shopping cart to detemine threats
  • Shopping Cart Monitor: Ongoing evaluation of shopping cart to determine threats
WEBSITE INTEGRITY MONITORING
SHOPPING CART
INSPECT
SHOPPING CART
MONITOR
Total number of card data found
Files containing card data
Light on system resources
Immediate summary results
Fast Scans (1-3 GB/minute)
Tuned to reduce false positives
Unlimited scanning (per machine)
Technical support
View card type
View track data
View file path to payment card data
Navigation to cardholder data
Mark files as false positives

SECURITYMETRICS WIM COMBINES MULTIPLE PRODUCT BENEFITS INTO ONE

Vulnerability Assessment Scanning

VA scans help you block initial infection, but struggle with JavaScript compromise detection. VA scans can’t get into the checkout page by selecting items to purchase and filling in address information, which is needed before the exploit appears on the checkout page.

Forensic Investigation

Malicious JavaScript skimming code is often hidden and difficult to detect. Like common forensics services, WIM provides the following:

  • Web scripts analysis
  • Web connection analysis
  • Virus/malware analytics
  • RAM analytics

File Integrity Monitoring

FIM isn’t effective against JavaScript skimming since databases, adware, or third-party links can be used to inject malicious code and these sources are often not monitored by FIM solutions. Like FIM, WIM provides the following:

  • Regular reviews for changes
  • Shows code changes
  • Allows new baselines

Penetration Testing

In a checkout state, you may have a different security environment than what your penetration test was testing against. Like penetration testing, WIM provides the following:

  • Application layer analysis
  • Exploitation attempts against vulnerabilities
  • Checks for outdated patches in shopping cart

The Solution to Formjacking: Webpage Integrity Monitoring

Locate Malicious Code On Your Website

SecurityMetrics’ Webpage Integrity Monitoring (WIM) is a patented technology capable of finding and mitigating malicious code on your website. This is especially important on payment pages where consumers are entering their payment card information. If WIM locates malicious code on your website, it will send out an alert to your staff. By using WIM, you will ensure that your site’s purchase page stays secure.

Shopping Cart Inspect software or services provided by SecurityMetrics may be protected by any or all of the following patents and other pending applications:
U.S. Patent No. 10,289,836

Do What FIM, Anti-Virus, And ASV Scans Can’t

There is no way for a consumer to detect a formjacking attack while it’s happening, and it’s very difficult for the merchant or payment processor to notice. When the code on an e-commerce shopping cart is compromised, it can go unnoticed for a long time before someone discovers it through manual searching.

FIM, vulnerability scanning, and anti-virus, while still important, aren’t effective at monitoring for vulnerabilities at the moment of checkout in a shopping cart.

  • What makes WIM different from FIM? File Integrity Monitoring (FIM) tracks changes to the source code and is effective at detecting changes to otherwise unchanging environments, but FIM can’t help you detect changes made once that source code is rendered in a browser.
  • What makes WIM different from anti-virus? Anti-virus can alert the customer when their information is posted to a known bad website, but it doesn’t alert the merchant.
  • What makes WIM different from an ASV scan? An ASV scan can’t trigger any of the fields in a checkout page form.

Related Links

  • Resource Center COVID-19 Cyber Attacks Security Update Center

    We recognize that businesses everywhere are operating in uncharted territory. Amid the chaos and uncertainty, SecurityMetrics remains steadfast in our mission to help you close compliance gaps and prevent data breaches. We stand ready to help with your security concerns, education, and content needs at this time.

  • Guide SecurityMetrics Guide to PCI DSS Compliance

    The SecurityMetrics Guide to PCI DSS Compliance will help you understand current PCI requirements and trends, so that you can better protect data from inevitable future attacks.

  • Guide SecurityMetrics Guide to HIPAA Compliance

    We intend our guide to be a “deskside” reference for the day-to-day and recurring demands of HIPAA compliance. It’s meant to strike a balance between generally informative and specifically practical. Those who use our guide report that it is “thorough and detailed-oriented. Very helpful.”

  • Academy SecurityMetrics Academy

    Academy contains videos, quizzes, and external resources on topics like security policies and encryption. Our intent is to help SMBs like franchisees, small merchants, and healthcare practices address specific cybersecurity risks businesses may face.

  • Podcast SecurityMetrics Podcast

    The SecurityMetrics Podcast is intended to help businesses of all sizes as well as individuals–whether security professionals or not. We want to break security concepts down well enough that anyone can understand the top cybersecurity threats and how to deal with them.

     

Request a Quote for SecurityMetrics WIM

Request a Quote for SecurityMetrics WIM