Web Skimming and the Retail Sector

Numerous merchants have experienced security breaches due to web skimming attacks, inadvertently enabling attackers to obtain the credit card details of their customers.

Online shopping platforms are at risk of web skimming, a concerning phenomenon that is on the rise. Cybercriminals are continually improving their techniques to infiltrate e-commerce websites and implant malicious software to unlawfully obtain customers’ personal data and financial resources.

What Does the Term ‘Web Skimming’ Mean?”

A web skimming attack can be seen as the digital equivalent of card skimming in physical locations. Cybercriminals focus their attention on online shoppers, surreptitiously obtaining credit card or payment information from individuals visiting a website and making a purchase.

Cyber attackers deploy malevolent JavaScript code onto online payment platforms, in which they then take control of the payment process, redirecting it to their own fraudulent payment page without the users’ knowledge. Once the unsuspecting consumers provide their financial information, the attackers redirect both the user and the data to their personal servers for further exploitation, understanding what is skimming in cyber security, and implementing measures against it, can help businesses protect their online platforms

Shopping carts are often targeted because they gather payment details from customers, making them an appealing target for cybercriminals. If malware is able to access this data stream, it provides an effortless means for cybercriminals to collect credit card information.

What is the Mechanism Behind Web Skimming?

Attackers often exploit weaknesses in e-commerce platforms and Content Management Systems in order to gain unauthorised access to specific pages where they can implant their skimming script.

Web skimming generally focuses on platforms such as Magento, PrestaShop, and WordPress, which are commonly preferred for online stores due to their user-friendly nature and compatibility with third-party plugins.

The process of Online web skimming attacks can be broken down into three stages.

Step 1 – Obtain (Unnoticed) Entry to User Data

In Online web skimming attacks, perpetrators begin by implanting a skimming code, typically in the form of JavaScript. This code is concise and appears harmless, often imitating genuine procedures and functions employed by developers in the creation of e-commerce websites. The capabilities of cyber criminals to conceal their technical manoeuvres behind authentic-looking code are growing more sophisticated, allowing them to often go unnoticed until significant damage has already occurred.

Typically, they acquire website information through two primary methods.

Knowledgeable hackers employ two primary methods to gain unauthorised access to a website. Firstly, they may engage in direct hacking by inserting skimming code onto the website, often through a brute-force attack. This automated process attempts various login credentials until the correct combination is identified, granting access to a company account with administrator privileges. Alternatively, hackers may exploit existing software vulnerabilities, also referred to as ‘zero-day vulnerabilities’.

Supply chain attacks occur when a single vendor, providing services to numerous e-commerce stores, gets infected by hackers. A notable example is the unintentional injection of the Magecart skimming code by the French online advertising platform, Adverline, affecting hundreds of client vendors in 2019.

Phase 2 – Gather Confidential Information from Customers

Once hackers manage to gain unauthorised entry, they proceed to pilfer personal information from website users. The primary techniques employed for this nefarious purpose are the utilisation of bogus forms and keylogging, as these methods grant direct access to authenticated and precise data.

Fraudulent forms, commonly referred to as ‘formjacking,’ involve hackers seizing control of the payment forms consumers use. By sending the manipulated form to the retailer, the hacker simultaneously gains access to the customer’s data, which is then transmitted to the hacker’s servers.

Keylogging involves capturing the keystrokes made by users on a keyboard. When individuals input their login information on a payment form, hackers can observe the specific keys pressed. This technique allows hackers to retrieve passwords and credit card numbers, even if the merchant has effectively encrypted the data.

Step 3 – Securely Save the Pilfered Information

Once this point is reached, the stolen data is typically transmitted to a proxy domain. This serves as a method for perpetrators to conceal their actions and maintain the secrecy of their online skimming attacks against retailers since the domain often imitates the genuine website.


Magecart, a cybercrime syndicate that was initially detected in 2010, has experienced significant growth over the years. With numerous subgroups under its umbrella, Magecart has garnered attention from media outlets due to its impact on a large number of websites. This syndicate is widely recognized within the security community and has emerged as a global cybersecurity issue.

Magecart attacks present a unique challenge for online retailers, as they have not encountered anything like it before. These attacks involve the insertion of malicious code into a website without directly accessing its server. Magecart also pertains to the JavaScript code injected by these groups.

Recently, there has been an increase in payment card skimming attacks targeting major organisations like Ticketmaster, British Airways, Tupperware, and NutriBullet, with Magecart being identified as the primary culprit. This group has been responsible for perpetrating such attacks over the past few years.

British Airways Breach

In 2018, a form of fraudulent software known as payment card skimming was utilised on the British Airways website, resulting in the compromise of over 380,000 credit cards. This security breach persisted for a period of three weeks and had significant repercussions for the airline. As a result of this incident, the company incurred losses totalling over $1 billion, which encompassed expenses related to mitigating the effects of the attack, fines imposed for violating the General Data Protection Regulation (GDPR), and other payments made to address the situation.

Based on your provided parameters, here is the paraphrased text:

Ticketmaster Hack

Web skimming targeted Ticketmaster in 2018 and compromised the personal data of over 40,000 customers. The breach occurred due to a third-party vendor who made changes to a specific line of JavaScript code tailored to Ticketmaster’s needs. This code was utilised on Ticketmaster’s payment page, enabling hackers to obtain payment information and user data.

Tips for Safeguarding Against Web Skimming Attacks

Numerous organisations possess limited knowledge about their online assets and the manner in which their users engage with them. As a result, web-based cybersecurity risks have emerged as the preferred approach for hackers to exploit organisations, their staff, and their clientele.

To effectively safeguard your website from unauthorised access, it is crucial to regularly update your operating systems and software by installing the latest security enhancements. Additionally, implementing access management protocols, conducting external penetration monitoring, and conducting periodic evaluations of your vendors can significantly enhance your site’s protection against web skimmers.

Having some form of malware protection and ensuring regular security updates for all the software you utilise are essential measures to safeguard your digital ecosystem.

To enhance security measures, it is advisable to limit access to essential functions only, while blocking all other website access by default. Additionally, a strong and reliable multi-factor authentication process should be implemented for accessing the system components of the website, rather than relying solely on basic and easily guessable passwords.

The subsequent set of guidelines and recommendations can assist individuals in enhancing their security measures and thwarting web skimming attacks.

  • Recognize all the external e-commerce and online advertising providers you are using.
  • Keep track of all external scripts running on your website.
  • Keep track of modifications to website code.
  • Deploy client-side web skimming solutions.
  • Implementing an efficient patch management strategy is crucial for conducting thorough scans to identify web vulnerabilities.
  • Implement multi-factor authentication.
  • Configure a firewall correctly
  • Deploy a bot management solution to prevent browser-based bot attacks


By possessing a comprehensive comprehension of the mechanics behind web skimming and the effective strategies to prevent it, e-commerce enterprises are better equipped to outpace Magecart and other web skimming vulnerabilities, thereby ensuring customers with the desired level of security confidence.