How Online Skimming Steals Payment Information
September 9, 2019

Online skimming is currently one of the biggest persistent threats affecting retailers and service providers. These attacks infect e-commerce websites with malicious code to steal payment information. One of the biggest perpetrators of online skimming attacks is Magecart, a group of bad actors that target payment websites. Magecart hackers are consistently evolving their techniques. According to research from security researcher Willem de Groot, one in five Magecart-infected stores are re-infected within days.

Source: Willem de Groot

How Do Online Skimming Attacks Work?

1. Gain Website Entry

To start stealing information, bad actors need to find a way to gain access to your website. They can do this by exploiting vulnerabilities, phishing for your website credentials or through hacking into a third-party application. The latter is more common as most websites use third-party applications for functions such as live chat or to track visitor traffic. Bad actors prefer to target third-party providers because they can compromise more websites at once. Third-party breaches are also harder to detect because they don’t compromise the merchant directly. Therefore, a merchant may not realize their website has fallen victim to online skimming until its too late.

2. Inject Skimming Code

Once the door is open and the bad actors are inside, they can start injecting malicious JavaScript code to perform online skimming. This code can be customized to target specific websites or enact specific types of behaviour and can be hidden within normal script. Common scripts include the following:

  • Formjacking: Formjacking is when bad actors swap out legitimate payment forms with fake ones so that any information that is typed out in checkout is sent to another server.
  • Keyloggers: Keylogging scripts are used to record keystrokes to steal information. Bad actors can use keyloggers to determine credit card numbers or passwords.

Regardless of the type of malicious script, the goal is always the same: to steal information.

3. Steal the Payment Data

Once the malicious code is injected, it will lie within the website’s code until it’s triggered by a customer submitting payment information during checkout. Any information submitted is either stored locally on the compromised website or sent remotely to a command server controlled by the bad actors.

Any data harvested by the hackers can be used in a variety of ways. Some may use stolen credit card information to commit fraud or identity theft. Others will most likely sell the data on the dark web.

How to Protect Your Website

Companies with e-commerce websites and third-party providers are at most risk to being hit with online skimming attacks. In order to protect your business, you need to have detection and prevention best practices in place.

Detection Best Practices

1. Perform a risk assessment: A risk assessment will help detect vulnerabilities by scanning your website for any security gaps.

2. Review code: Taking some time to review your website code for any malicious scripts can help detect them before they compromise your website.

3. Review security logs: SIEM can help detect and monitor your networks for suspicious activity by producing security logs that can be analyzed for review. To learn more about our SIEM, contact us today.

Prevention Best Practices

1. Data encryption: All customer payment information should be securely encrypted to prevent bad actors from reading data.

2. Always patch systems: Staying up-to-date with the security patches for your systems and software will help prevent bad actors from exploiting potential vulnerabilities.

3. Review third-party partners: When deciding to implement third-party apps, you need to do your research. Companies that work with payments need to be PCI compliant and you should monitor for their status. You should also assess the types of third party scripts you’re including in your website and determine whether they are actually necessary. Including unnecessary additional scripts make your website more vulnerable to online skimming attacks.

You May Also Like…


Submit a Comment

Your email address will not be published. Required fields are marked *

Solutions to Grow Your Business

We've got you covered with our comprehensive portfolio of solutions.

Cybersecuirty Solutions

Cyber Incident ​Response
Endpoint Detection and Response (EDR)
Extended Detection and Response (XDR)
Firewall Security
Mail Security
Penetration Testing Services
Security Baseline Assessment
User Defence
Vulnerability Detection Response (VDR)
Wi-Fi Security

Backup & Recovery Solutions

Hybrid Backup
Enterprise Backup
Mail Archiving

Public & Private Cloud Solutions

Azure Management and Monitoring
Microsoft 365 Administration
Private Cloud
Microsoft CSP

Helpdesk & Field Services Solutions

Professional Services & Consulting Solutions

Monitoring & Management Solutions

Hardware Maintenance Solutions

Application Management Services



Your partner in digital transformation

Helping the next generation of MSP and IT solution providers transform and grow.

businessmans handshake

Types of Partners

Managed Services Provider (MSP)

Internet Service Provider (ISP)

Value Added Reseller (VAR)

businessmans handshake

Partnership Overview

Jolera’s partner program offers flexibility to engage with us on your terms. We have spent more than two decades building award-winning best in class partner enablement and turnkey end-customer solutions for you.

Partner Program

Jolera has three partner programs to choose from: Select, Preferred and Premier.

Learn about us and the legacy we have created

At Jolera, we treat each MSP partner with specialized care. With more than 20 years of IT experience, we offer the latest technology to navigate cloud, security, endpoint, and storage needs.

vintage pocket watch vintage background concept

About Us

Jolera is widely recognized as a global managed services leader. We started as managed services provider over 20 years ago and have been at the forefront of managed services innovation ever since.


Our People

As a service provider our main goal is to make the customer happy. For that final goal, we need passionate and happy people working with us – Our People Are Our Biggest Asset.


Our Leaders

We are performance driven at the core - tying together best of breed technology and industry leading expertise with pragmatic processes built to deliver outcomes.

Meet Our Leaders!