Online Skimming Prevention Solution

Intelligent client-side protection from online skimming attacks designed to steal your sensitive user data and other valuable assets


Read our 15-minute guide to client-side skimming protection



Learn how client-side online skimming attacks work


Video demo

See how Ensighten prevents online skimming attacks


Case study

Learn how Ensighten prevents data theft for banks


Online skimming attacks have increased in intensity and complexity and have been used to steal data from the websites of some of the worlds most valuable brands. Ensighten’s security capabilities will mitigate these attackseven when the breach is within a supply chain technology.

Unlike other solutionsEnsighten’s technology does not rely on legacy signature-based mitigation approaches or even attempts to simply lessen the burden of security capabilities, such as CSP and SRI, but instead utilizes modern, cutting-edge browser-based detection to prevent attacks from taking place.

What are online skimming attacks?

Online skimming is a website attack method designed to steal user data by injecting malware into a web page, often by compromising a third-party script. Skimming incidents have increased dramatically over the past few years and a number of significant brands have experienced breaches resulting in millions  of consumers having their personal information stolen.  

Online skimming attacks are dangerous and should be a serious security concern because:    

  • Your infrastructure does not need to be breached for your website to be exploited; attackers can target JavaScript files within the many third-party libraries utilized on your website  
  • The browser is what processes the JavaScript files and there is often no visibility into the malicious activity, making detection difficult  
  • You are liable for severe compliance penalties resulting from a skimming attack


Read our 15-minute guide to client-side online skimming protection


How an online skimming attack happens 

 For a skimming attack to be successful, cybercriminals will  inject malware into your website. However,  they can  also  target one of your third-party  vendors. These are  often outside of your control and an attacker  does  not actually need to infiltrate  your servers  to perform a successful exploit. 



The risk of third-party JavaScript

In order to deliver rich and immersive, modern sites, organizations utilize third-party JavaScript to enable components such as virtual bots, shopping carts, credit card processing and more.  

When a website is accessed by a user, their browser fetches content from the organization’s web servers, known as first-party content, along with content from numerous other online locations, known as third-party content. To the browser, however, all content is treated equally  regardless of whether it is first or third party. That is, any code can read any data, irrespective of where the code or data originated. While you may invest in significant efforts to secure your own infrastructure, if an attacker is able to breach one of the third-party libraries, then they are able to steal customer data as they interact with your website. 

Preventing online skimming

With the many third-party components forming part of almost every website, most organizations understand that it is not a matter of if, but when their site will be impacted by skimming malware. Short of creating and maintaining every single line of code in-house, organizations cannot guarantee that they are protected against skimming attacks.    

The only solution to mitigating online skimming is to prevent attackers from being able to exfiltrate data from your website by implementing an allowlist of trusted and validated network locations. Should a third-party vendor become breached, the attackers would be unable to extract any data.

Learn more about Ensighten and our solution

Video demo
See how Ensighten prevents client-side online skimming attacks
Watch now
Case study
Learn how the Ensighten solution prevents client-side attacks for banks
Read now
Threat intelligence
Learn how Ensighten uses threat intelligence to detect existing and emerging threats
Learn More