Optimal customer experience and website security can go together

eCommerce websites are experiencing a surge in cyberattacks. They hold a lot of customer data, which makes them a prime target for attackers. Not only are cyberattacks on the rise, but the hacks are now more lucrative than ever for cybercriminals. This is due to the fact that stealing physical credit card data is much harder today than ever before.

Online competition is fierce, making customer experience and maintaining a feature-rich website critical success factors. Online retailers rely on an ever-expanding ecosystem of 3rd party suppliers to enhance and personalize user customer experience, increase engagement, monitor their customers’ journey and behaviors, monitor monetization and so on. 

The average eCommerce website uses 40-60 3rd party tools, with retailers saying they plan to add an average of 3-5 new 3rd party technologies to their sites annually. 

Alongside the benefits of these 3rd party tools, they also provide attackers with an attractive gateway for malicious activity (aka Formjacking, Magecart, JS Skimming). Unfortunately, this means that the more such tools are used, the more risks eCommerce websites take upon themselves. Instead of hacking the eCommerce websites themselves, hackers often attack the 3rd party plugins and use their Javascript to hitchhike the eCommerce website. Checking the security perimeter of an eCommerce site is just not enough. A website is affected by the security perimeter of all of the 3rd party tools it uses. Moreover, it has no control over what’s happening outside the 3rd party circle: there are 4th party circles, 5th party circles and so on, that most website owners are not even aware of. Despite this, eCommerce sites have exponentially increased their dependency on 3rd, 4th and 5th party technologies, sharing confidential and sensitive information with a staggering 583 outside parties on average.

There are different types of attacks aimed at eCommerce websites:

  • Payment card skimming
  • Keylogging
  • Form field manipulation
  • Web injection
  • Phishing
  • Content defacement
  • Clickjacking
  • Malware and ransomware distribution
  • Watering hole attacks

eCommerce is the #1 attacked industry

Formjacking and Magecart attacks can be very wide-ranged and affect millions of people at once, or they can be highly targeted and affect a very specific group of people. This is also one of the reasons it’s so difficult to detect them.

The major implications of such attacks include:

An eCommerce business is required to meet certain standards to be considered “in compliance,” and fines can be levied against a business or its owner if it does not comply with them. 

Financial solvency:
If breached, a business has a whole host of other problems that will impact its bottom line. It may have to pay for a forensic investigation, data recovery services, credit monitoring for impacted parties, and more.

Customer trust:
Customers put a lot of trust in the online retailers they shop with, providing them with personal data and sensitive payment information with every purchase. Earning customers’ trust is critical to a long-lasting relationship, and once lost, earning it back is a very difficult task. That’s why breaches can have a big impact on long term customer loyalty and retention: 64% of consumers say that they are unlikely to do business again with a company from which their personal data was stolen.

Damage to brand reputation:
Reputation is a fragile thing. It takes years to build, and moments to destroy. When a breach occurs, the target audience feels betrayed and angry. The initial cost can be seen in the form of lawsuits, but there is a far greater cost that can last for years. Furthermore, this can negatively affect the business reputation of each person on the executive team and affect their future endeavors. Stocks drop, the team is affected, and revenues plummet. Unlike a fine, which can be paid and forgotten, reputation cannot be fixed so easily. 


Source Defense helps online retailers balance superb customer experience with critical security, without compromising website performance or stability. We create virtual pages that isolate the 3rd party scripts from the eCommerce website. The virtual pages are an exact replica of the original pages, excluding what the 3rd parties are not supposed to see. We monitor all 3rd party script activities on the virtual pages. If the activity is within the premise of what they are allowed to do, we will transfer it from the virtual page to the original page. If not, we will keep their activity on the virtual pages isolated from the user and send a report to the eCommerce website owner, alerting them of the 3rd party scripts that violated their security policy.

With attacks on eCommerce websites on the rise, ensuring that your customers’ payment and personal information is protected should be a priority if you want to avoid the implications of a data breach. Contact us to learn how the Source Defense VICE real prevention solution will protect your website from the growing threat of Magecart, Formjacking, and other digital skimming cyberattacks:

  • Isolating scripts from the page
  • Evading harmful activities
  • Applying best practices
  • Securely enhancing websites
  • Keep benefiting from 3rd parties