What is Formjacking?
Formjacking (also associated with Magecart attacks) involves injecting malicious JavaScript into legitimate e-commerce websites, typically targeting the checkout page. When customers enter payment information, the malicious script captures and transmits card numbers, expiration dates, CVV codes, and billing addresses to attacker-controlled servers—while the legitimate transaction proceeds normally. Victims and merchants often have no indication theft occurred until fraudulent charges appear. Attackers compromise websites through vulnerable third-party scripts (analytics, advertising, chat widgets), compromised content delivery networks, or direct exploitation of e-commerce platform vulnerabilities. A single compromised website can yield thousands of payment cards, which are sold on dark web marketplaces or used for fraud.
Business Impact
Formjacking attacks are particularly damaging because they’re invisible to both merchants and customers during the transaction. Merchants face payment card industry (PCI) compliance violations, forensic investigation costs, customer notification requirements, potential fines, and reputational damage. British Airways faced a £20 million fine after a Magecart attack compromised 380,000 payment cards. Customers lose trust in e-commerce when their cards are compromised on legitimate sites. The supply chain nature of many attacks—targeting third-party scripts used by thousands of sites—means a single compromise can affect multiple merchants simultaneously.
Allure Security's Approach
While formjacking primarily targets the infrastructure of e-commerce sites, brand protection monitoring can detect when stolen payment data or compromised credentials from your customers appear on dark web marketplaces. Additionally, monitoring third-party scripts and website integrity helps identify compromises before they impact customers. Understanding the broader formjacking ecosystem informs threat intelligence about groups targeting retail and e-commerce brands.
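One way to monitor third-party scripts and page integrity on a checkout page, shown as an added example that is not Allure Security's code or product: the function below compares every script tag against a reviewed baseline of pinned Subresource Integrity (SRI) hashes and reports anything unlisted or changed. The baseline format, the URLs and the sample page are constructed assumptions.

```javascript
const crypto = require('crypto');

// SRI value ("sha384-<base64>") for a script body.
function sriHash(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Returns a list of findings; an empty list means the page matches the baseline.
// baseline = { external: { url: sri }, inline: [sri, ...] } (hypothetical format).
function auditScripts(html, baseline) {
  const findings = [];
  // Regex extraction is enough for a monitoring sketch; it is not a full HTML parser.
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const attr = (attrs, name) =>
    (attrs.match(new RegExp('(?:^|\\s)' + name + '\\s*=\\s*["\']([^"\']+)["\']', 'i')) || [])[1];
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = attr(attrs, 'src');
    if (!src) {
      // Inline script: its hash must be one that was reviewed.
      if (body.trim() && !baseline.inline.includes(sriHash(body)))
        findings.push({ type: 'unknown-inline', hash: sriHash(body) });
      continue;
    }
    const pinned = baseline.external[src];
    const integrity = attr(attrs, 'integrity');
    if (!pinned) findings.push({ type: 'unlisted-source', src });
    else if (!integrity) findings.push({ type: 'missing-integrity', src });
    else if (integrity !== pinned) findings.push({ type: 'integrity-mismatch', src });
  }
  return findings;
}

// Constructed sample data (not from any real site).
const analyticsUrl = 'https://cdn.example.com/analytics.js';
const reviewedInline = 'initCheckout();';
const baseline = {
  external: { [analyticsUrl]: sriHash('/* analytics v1 */') },
  inline: [sriHash(reviewedInline)],
};
const page = `
<script src="${analyticsUrl}" integrity="${baseline.external[analyticsUrl]}" crossorigin="anonymous"></script>
<script>${reviewedInline}</script>
<script src="https://widgets.example.net/chat.js"></script>
<script>/* constructed placeholder for an unreviewed inline script */</script>`;

console.log(auditScripts(page, baseline));
```

Run on a schedule against the rendered checkout page, a non-empty result is the signal to investigate before customers are affected.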