Online Skimming Prevention Solution

Online skimming attacks have increased in intensity and complexity and have been used to steal data from the websites of some of the world’s most valuable brands. Ensighten’s security capabilities will mitigate these attacks, even when the breach is within a supply chain technology.

Unlike other solutions, Ensighten’s technology does not rely on legacy signature-based mitigation approaches or even attempts to simply lessen the burden of security capabilities, such as CSP and SRI, but instead utilizes modern, cutting-edge browser-based detection to prevent attacks from taking place.

Solution highlights

Network allowlist

Prevents data from leaving the web page except to approved destinations

Modern  filtering

Stops emerging attack methods, including mutating resources and image injection

Performant and lightweight

SaaS-delivered technology from highly scalable cloud infrastructure protects your website while maintaining the very best user experience

Intelligent analysis

Identifies specific types of data, such as credit card numbers and social security numbers, and prevents transmission to unknown destinations

Real-time analytics and reporting

Monitors all network requests and provides visibility into attack attempts, alerting you to potential issues

Comprehensive user interface

Allows easy configuration, rapid onboarding and low-maintenance protection

Comprehensive protection

Online skimming methods are changing and being tuned to avoid detection. Our solution is also constantly evolving to mitigate these attacks and currently enables protection against the following:

JavaScript injection

Magecart

Third-party vendor exploitation

CSS injection

Client-side keylogging

Formjacking

Web skimming

Tag piggybacking

Man-in-the-browser

How we compare 

	Ensighten	Other online skimming protection solutions	Standard website protections
JavaScript injection mitigation Also known as online skimming protection, web skimming protection and formjacking protection. Prevents data from being stolen through malicious code which has been injected into JS libraries which are used within websites	Yes	Yes	Limited
CSS injection mitigation Prevents data from being stolen through CSS injection techniques, including brute-force stuffing	Yes	Limited	Limited
Form replacement mitigation Prevents attackers from replacing forms, such as checkout forms, with fake data stealing forms by utilizing components such as iFrames	Yes	No	No
Malicious ad injection prevention Prevents malicious ads being injected into websites through exploited components or through rogue browser extensions	Yes	No	No
Network allowlist Prevents data from being transmitted from a web page to remote locations other than those specifically defined in an allowlist	Yes	No	No
Full event-loop reporting Provides comprehensive reporting regarding client-side attack protection, including attempted and mitigated attacks	Yes	Limited	No
Simple setup and configuration Allows organizations to configure the solution simply by keeping configuration requirements to a minimum but still delivering a secure application	Yes	Limited	No
Performant-focused solution Ensures that website performance is not affected by the implementation of an additional security layer	Yes	Caution	Caution

What are online skimming attacks?

Online skimming is a website attack method designed to steal user data by injecting malware into a web page, often by compromising a third-party script. Skimming incidents have increased dramatically over the past few years and a number of significant brands have experienced breaches resulting in millions  of consumers having their personal information stolen. 

Online skimming attacks are dangerous and should be a serious security concern because:   

Your infrastructure does not need to be breached for your website to be exploited; attackers can target JavaScript files within the many third-party libraries utilized on your website

The browser is what processes the JavaScript files and there is often no visibility into the malicious activity, making detection difficult

You are liable for severe compliance penalties resulting from a skimming attack

Preventing online skimming

With the many third-party components forming part of almost every website, most organizations understand that it is not a matter of if, but when their site will be impacted by skimming malware. Short of creating and maintaining every single line of code in-house, organizations cannot guarantee that they are protected against skimming attacks.   

The only solution to mitigating online skimming is to prevent attackers from being able to exfiltrate data from your website by implementing an allowlist of trusted and validated network locations. Should a third-party vendor become breached, the attackers would be unable to extract any data. 

The risk of third-party JavaScript

In order to deliver rich and immersive, modern sites, organizations utilize third-party JavaScript to enable components such as virtual bots, shopping carts, credit card processing and more. 

When a website is accessed by a user, their browser fetches content from the organization’s web servers, known as first-party content, along with content from numerous other online locations, known as third-party content. To the browser, however, all content is treated equally – regardless of whether it is first or third party. That is, any code can read any data, irrespective of where the code or data originated. While you may invest in significant efforts to secure your own infrastructure, if an attacker is able to breach one of the third-party libraries, then they are able to steal customer data as they interact with your website. 

Prevent online skimming attacks

Online skimming is a popular option for cybercriminals looking to steal sensitive data. Get in contact to learn more about how you can protect your website from attacks

Solutions