Web Security

Are my checkout forms filling attackers' shopping bags this holiday season?

October 3rd, 2023 | By Jscrambler | 6 min read

E-skimming attacks have become attackers’ favorite strategy for stealing payment card data. E-commerce skimming cases increased 174% in the 2022 June-November period compared to December 2021 and May 2022 (read Visa Spring 2023 Biannual Threats Report).

All e-commerce companies are at risk. Why?

E-commerce skimming is flourishing, with the majority of e-commerce sites exposed. 75% of all breaches Visa investigated last year involved e-commerce sites, with digital skimming attacks at the top.

Recognizing the inherent vulnerability of e-commerce websites and their web forms is vital to enhancing client-side security and keeping attackers away. Staying ahead of e-skimming attacks on the checkout pages is one of the challenges.

There are currently between 12 and 24 million online retailers worldwide. Moreover, if each of these online retailers includes at least two web forms in their e-commerce stores, the number of potential risks becomes overwhelming.

How many people are shopping online in 2023?

One in three people you see around you is an online shopper. In other words, 33.3% of the population worldwide belongs to the digital buyer category.

People shopping online has been growing over the past few years. 2023 has 80 million more digital buyers than in 2022, a 3.1% year-over-year increase.

The holiday shopping season, including Singles’ Day in China (and now, more widely), Black Friday, and Cyber Monday, with huge discounts, helps to spur shoppers to hop on the online shopping bandwagon.

More online sales, more security threats

The forecasts are that the number of online shoppers will continue increasing, rising to 2.71 billion in 2024 and 2.77 billion in 2025. The number and value of online sales are also on an upward trajectory. In 2024, e-commerce global sales will likely surpass $7 trillion in value.

Therefore, the potential of revenue for online retailers is tremendous, and the risks of e-commerce skimming attacks and e-commerce fraud increase along with it. Remember: The checkout pages are malicious actors' favorite online store.

The good news and the bad news

The bad news is that third-party scripts and add-ons powering your business and website experience, such as chatbots and pixels, increase the surface area exposure for data leakage and web supply chain attacks.

The good news is that you can significantly mitigate the risk of data loss and e-skimming attacks by taking the proper security steps.

Three simple steps to website risk visibility with Jscrambler

Is your e-commerce or retail business aware of all the third-party scripts running your online storefront during the holiday shopping season? Do you understand how they are behaving, if data is being shared with digital partners, or worse, unknown domains?

In time for the upcoming holiday season, Jscrambler offers e-commerce and online retail businesses an easy way to ensure a secure checkout experience that customers can trust.

Follow these three steps to start your journey to a secure digital shopping experience.

  1. Provide your e-commerce URL.

  2. Receive and review a free inventory report detailing all scripts running on checkout pages.

  3. Hear from a Jscrambler specialist to verify if your forms are leaking data.

The free inventory report is yours to keep and share with your team. Here is some additional value you will receive from the report:

  • Get a snapshot of all third-party scripts on your e-commerce checkout pages and their network requests.

  • Understand script behaviors on your website.

  • Identify gaps outside of your web security perimeter.

  • Verify if your customers' sensitive data, credit card information, and PII are safe.

  • See details of scripts displaying signs of misbehavior.

And more!

Connect client-side security with customer experience in one of the busiest times of the year: The holiday season. From Singles’ Day to Black Friday worldwide, identify the vulnerabilities of your web supply chain to stay ahead.

Why do secure e-commerce stores matter?

  • 41% of consumers trust digital service providers to keep personal data secure. 

  • 78% of online shoppers think twice about buying from an online retailer after a breach.

  • 75% of VISA breach investigations target e-skimming and third-party integrations on websites


  • How consumers feel about retail data breaches - Help Net Security.

  • Visa biannual threats report.

Three questions to ask about your e-commerce store and client-side security

  • Are you aware of all third-party scripts running on your checkout pages?

  • How many third parties are on your e-commerce site?

  • How do you monitor and control potential web skimming behaviors?

Increase your visibility with Jscrambler Webpage Integrity. It is an easy and quick solution with real-time monitoring that facilitates compliance with the new PCI DSS v4.0 requirements for digital skimming protections.

Protect your business. Close the door to malicious actors' favorite online store: Your Checkout Forms! Explore our e-commerce security infographic for more insights and tips.

e-commerce-security-and-payment-page-security-infographic-jscramblerDownload the infographic about e-commerce security.


The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Must read next

PCI DSS Web Security

Preventing Skimming Attacks and Enabling PCI DSS Compliance

E-commerce skimming = the majority of attacks against payment card data. The newest version of PCI DSS contains requirements aimed at preventing attacks.

June 21, 2022 | By John Elliott | 5 min read

Web Security

E-skimming Attacks and the Reconciliation with Client-side Security

E-skimming attacks are client-side attacks that involve placing code onto a web page to steal sensitive data inputted by users into web forms.

September 19, 2023 | By | 9 min read

Section Divider

Subscribe to Our Newsletter