What is Formjacking & What Can Your Business Do to Prevent It?


What is Formjacking & What Can Your Business Do to Prevent It?

Technology is constantly evolving. In the past few years alone, huge strides have been made in augmented reality, real-time language translation, and artificial intelligence. Unfortunately, malicious technologies—identity theft and credit card fraud, especially—seem to be advancing just as quickly as helpful technologies.

In recent years, e-commerce businesses have found themselves facing down an endless barrage of ever-changing cybersecurity issues. Following in the footsteps of ransomware and cryptojacking, the latest threat is called formjacking and it’s already posing a massive risk to online businesses and their customers. In 2018, formjacking compromised 4,818 websites every month. Here’s what you need to know:


What is formjacking?

Formjacking is a form of “virtual skimming”—a practice in which fraudsters intercept information that is input on a site. Think of all the information you supply when shopping online. Your credit card number, name, address, log-in credentials . . . If an e-commerce site has been compromised, all that information can be funneled onto a server to be sold or used for future fraud. And until that information is actually utilized, it’s virtually impossible to know it’s been stolen.

Compared to other forms of online fraud, formjacking is “relatively simple to carry out.” A formjacker plants malicious code on a site, and when information is entered, it’s sent directly to the fraudster. For consumers, a formjacked site is imperceptible, so it’s up to website owners to secure their sites.


What businesses are being targeted?

Any entity operating a website or accepting payments online is at risk of formjacking. British Airways and Ticketmaster have already been the victims of high-profile formjacking breaches. However, according to Symantec’s 2018 Internet Security Threat Report, small and medium-sized businesses are the most likely to be targeted by formjacking attempts.  Smaller businesses typically have less comprehensive cybersecurity than their larger counterparts, and this makes them vulnerable.

Click image to enlarge

How can you prevent formjacking on your own website?

Detecting formjacking can be incredibly difficult, as submission forms will remain fully operational while funneling information to fraudsters. That’s why, with formjacking, prevention is key.

To protect your business and the data of your customers, you’ll first need to secure your own website. Tools that will alert you when changes are made to the code on your site are priceless in the fight against formjacking. And, of course, you should follow web management best practices to keep your site safe. It’s also recommended that site scans, like the ones conducted by reputable PCI vendors, are utilized to catch any vulnerabilities before they’re exploited.

Finally, you’ll need to confirm that third-party apps and plug-ins are free of malicious code. Before rolling out updates to your customers, you or your web developer should test all new code to look for anything unusual or unfamiliar.


Final Thoughts

Formjacking is just the newest, shiniest hazard in a long line of cybersecurity threats. But unlike technology, the consequences of a data breach haven’t changed. If you don’t take steps to secure your shoppers’ information, you’re at risk of losing their business and your hard-earned money.

Ask yourself, if you believed that a business hadn’t taken precautions to protect your personal information, would you continue shopping there? It’s up to business owners to prevent formjacking, and it’s in everyone’s best interest that they do so. Want to learn more? Here are 10 ways to stay secure when accepting credit cards online.

BASYS Processing as a business partner 

Does your current processor understand the unique struggles of your industry? Do they provide great rates and personal customer service? Are they offering solutions to grow your business and being proactive about helping you reduce risk and increase your savings? 

Contact BASYS today to learn more about innovative payment solutions that will save you time and money. We make accepting debit cards and credit cards convenient, safe and affordable. 


BASYS Processing features: 

• A friendly, live voice will answer the phone when you call; no automated phone systems 
• In-house PCI Compliance team to walk you through the process step-by-step, improving security and reducing costs
• Accept payments in person, over the phone or online
• Next-day funding options 

About BASYS Processing 

BASYS Processing provides credit card and debit card processing services, plus solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banks, associations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personal Payment Processing. 

Learn more at basyspro.com, and connect with us online at: 

• YouTube