Glossary
E-skimmer
An e-skimmer is a type of malware specifically designed to target e-commerce websites by covertly capturing and extracting payment card details entered by customers during the checkout process. Similar to how a physical skimming device captures data from credit cards at an ATM or gas pump, an e-skimmer digitally intercepts data on a merchant’s website without the knowledge of either the merchant or the customer.
Once installed, the e-skimmer operates by embedding malicious code into the web pages of the checkout process or payment forms. As customers input their payment information, the e-skimmer records this sensitive data, which typically includes credit card numbers, expiration dates, and CVV codes. This stolen data is then transmitted to the fraudsters, who may use the information themselves to make fraudulent purchases or sell it on the dark web, potentially compromising thousands of users.
E-skimming is also referred to as "formjacking," a term that highlights the hijacking of form data typically used in e-commerce transactions. Websites affected by e-skimmers are at risk of significant financial and reputational damage, as their customers’ payment details are exposed to criminal activities.
To combat e-skimming, it's critical for merchants to maintain robust cybersecurity measures, including conducting regular security audits, employing end-to-end encryption for data transmission, continuously monitoring their website for unauthorized changes, and implementing advanced web protection tools. Educating customers about the signs of potential security breaches can also help mitigate the risks associated with e-skimming.
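As an added illustration of the monitoring measure above (not code from this glossary or from any product), the Python example below compares the scripts on a live checkout page with an approved snapshot and reports any script that is new or altered. The page contents, URLs and the integrity value are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser

class ScriptInventory(HTMLParser):
    # Records external script URLs (with their integrity attribute)
    # and a SHA-256 hash of every inline script body.
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = {}, set(), None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.external[a["src"]] = a.get("integrity")
            else:
                self._buf = []  # start capturing an inline body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            digest = hashlib.sha256("".join(self._buf).encode()).digest()
            self.inline.add("sha256-" + base64.b64encode(digest).decode())
            self._buf = None

def inventory(html):
    inv = ScriptInventory()
    inv.feed(html)
    inv.close()
    return inv

def audit(approved_html, live_html):
    # Compare the live page's scripts with the approved snapshot.
    base, live = inventory(approved_html), inventory(live_html)
    findings = []
    for src, integrity in live.external.items():
        if src not in base.external:
            findings.append(("unapproved-external", src))
        elif integrity != base.external[src]:
            findings.append(("integrity-changed", src))
    findings += [("unapproved-inline", h) for h in sorted(live.inline - base.inline)]
    return findings

# Constructed sample pages (hypothetical URLs, placeholder integrity value).
APPROVED = ('<script src="/js/checkout.js" integrity="sha384-PLACEHOLDER"></script>'
            '<script>initCheckout();</script>')
TAMPERED = APPROVED + ('<script src="https://cdn.example.net/a.js"></script>'
                       '<script>initCheckout(); /* changed */</script>')
```

In practice the live HTML would come from a scheduled fetch of the checkout page, and the snapshot from the last reviewed release.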