What is Formjacking & What Can Your Business Do to Prevent It?


What is Formjacking & What Can Your Business Do to Prevent It?

Technology is constantly evolving. In the past few years alone, huge strides have been made in augmented reality, real-time language translation, and artificial intelligence. Unfortunately, malicious technologies—identity theft and credit card fraud, especially—seem to be advancing just as quickly as helpful technologies.

In recent years, e-commerce businesses have found themselves facing down an endless barrage of ever-changing cybersecurity issues. Following in the footsteps of ransomware and cryptojacking, the latest threat is called formjacking and it’s already posing a massive risk to online businesses and their customers. In 2018, formjacking compromised 4,818 websites every month. Here’s what you need to know:


What is formjacking?

Formjacking is a form of “virtual skimming”—a practice in which fraudsters intercept information that is input on a site. Think of all the information you supply when shopping online. Your credit card number, name, address, log-in credentials . . . If an e-commerce site has been compromised, all that information can be funneled onto a server to be sold or used for future fraud. And until that information is actually utilized, it’s virtually impossible to know it’s been stolen.

Compared to other forms of online fraud, formjacking is “relatively simple to carry out.” A formjacker plants malicious code on a site, and when information is entered, it’s sent directly to the fraudster. For consumers, a formjacked site is imperceptible, so it’s up to website owners to secure their sites.


What businesses are being targeted?

Any entity operating a website or accepting payments online is at risk of formjacking. British Airways and Ticketmaster have already been the victims of high-profile formjacking breaches. However, according to Symantec’s 2018 Internet Security Threat Report, small and medium-sized businesses are the most likely to be targeted by formjacking attempts.  Smaller businesses typically have less comprehensive cybersecurity than their larger counterparts, and this makes them vulnerable.


How can you prevent formjacking on your own website?

Detecting formjacking can be incredibly difficult, as submission forms will remain fully operational while funneling information to fraudsters. That’s why, with formjacking, prevention is key.

To protect your business and the data of your customers, you’ll first need to secure your own website. Tools that will alert you when changes are made to the code on your site are priceless in the fight against formjacking. And, of course, you should follow web management best practices to keep your site safe. It’s also recommended that site scans, like the ones conducted by reputable PCI vendors, are utilized to catch any vulnerabilities before they’re exploited.

Finally, you’ll need to confirm that third-party apps and plug-ins are free of malicious code. Before rolling out updates to your customers, you or your web developer should test all new code to look for anything unusual or unfamiliar.


Final Thoughts

Formjacking is just the newest, shiniest hazard in a long line of cybersecurity threats. But unlike technology, the consequences of a data breach haven’t changed. If you don’t take steps to secure your shoppers’ information, you’re at risk of losing their business and your hard-earned money.

Ask yourself, if you believed that a business hadn’t taken precautions to protect your personal information, would you continue shopping there? It’s up to business owners to prevent formjacking, and it’s in everyone’s best interest that they do so. Want to learn more? Here are 10 ways to stay secure when accepting credit cards online.

BASYS Processing as a business partner

If your current credit card processing provider isn’t meeting your goals in terms of low fees and exceptional service, please call BASYS Processing at (800) 386-0711.  Let’s talk about creating a true business partnership that will help you meet and exceed your goals for accepting credit cards and other payments.  We make accepting debit cards and credit cards convenient, safe & affordable.

BASYS Processing features:

–  Live operator when you call support – no automated voice systems
–  Dedicated Relationship Manager for questions and concerns
–  Quick response time for your questions and concerns; you are a priority
–  Family owned since our founding in 2002
–  A+ BBB rating
–  90% + Customer Retention Rate
–  Proactive contact with every merchant to walk through the annual PCI process
–  In-house PCI Team to assist with questions and concerns
–  Solutions including terminals, virtual terminals, e-commerce, mobile, and point of sale
–  EMV compliant products
–  Reporting for customer, sales, and inventory management
–  Gift and loyalty card programs
–  Easy-to-read statements
–  Transparent pricing
–  Tremendous savings


About BASYS Processing

BASYS Processing provides credit card and debit card processing services, and solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banksassociations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personalized Payment Processing.

Learn more at basyspro.com, and connect with us online at: