sourcedefense.com
Open in
urlscan Pro
35.185.203.155
Public Scan
Submitted URL: https://ckgv304.na1.hubspotlinks.com/Ctc/RH+113/cKGv304/VW-BvT7xD7s5W9bqbj62kyc4lW6D6W6y4PqT0FN8Vtb6N5nKvpV3Zsc37CgD5BW5_5Rd472c7cpV4...
Effective URL: https://sourcedefense.com/resources/blog/ecommerce-digital-and-marketing-teams-in-the-security-and-privacy-crosshairs/?utm...
Submission: On September 01 via api from US — Scanned from DE
Effective URL: https://sourcedefense.com/resources/blog/ecommerce-digital-and-marketing-teams-in-the-security-and-privacy-crosshairs/?utm...
Submission: On September 01 via api from US — Scanned from DE
Form analysis 1 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/6087099/1e7d0bca-6d3b-46b2-8a2e-b276f201fad6
<form novalidate="" accept-charset="UTF-8" action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/6087099/1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" enctype="multipart/form-data" id="hsForm_1e7d0bca-6d3b-46b2-8a2e-b276f201fad6"
method="POST" class="hs-form stacked hs-form-private hsForm_1e7d0bca-6d3b-46b2-8a2e-b276f201fad6 hs-form-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6 hs-form-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6_b67b4662-ae4c-4167-935f-2740eb592c7a"
data-form-id="1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" data-portal-id="6087099" target="target_iframe_1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" data-reactid=".hbspt-forms-0" data-hs-cf-bound="true">
<fieldset class="form-columns-2" data-reactid=".hbspt-forms-0.1:$0">
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field" data-reactid=".hbspt-forms-0.1:$0.1:$firstname"><label id="label-firstname-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" class="" placeholder="Enter your First name"
for="firstname-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" data-reactid=".hbspt-forms-0.1:$0.1:$firstname.0"><span data-reactid=".hbspt-forms-0.1:$0.1:$firstname.0.0">First name</span></label>
<legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$0.1:$firstname.1"></legend>
<div class="input" data-reactid=".hbspt-forms-0.1:$0.1:$firstname.$firstname"><input id="firstname-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" class="hs-input" type="text" name="firstname" value="" placeholder="" autocomplete="given-name"
data-reactid=".hbspt-forms-0.1:$0.1:$firstname.$firstname.0" inputmode="text"></div>
</div>
<div class="hs_lastname hs-lastname hs-fieldtype-text field hs-form-field" data-reactid=".hbspt-forms-0.1:$0.1:$lastname"><label id="label-lastname-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" class="" placeholder="Enter your Last name"
for="lastname-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" data-reactid=".hbspt-forms-0.1:$0.1:$lastname.0"><span data-reactid=".hbspt-forms-0.1:$0.1:$lastname.0.0">Last name</span></label>
<legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$0.1:$lastname.1"></legend>
<div class="input" data-reactid=".hbspt-forms-0.1:$0.1:$lastname.$lastname"><input id="lastname-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" class="hs-input" type="text" name="lastname" value="" placeholder="" autocomplete="family-name"
data-reactid=".hbspt-forms-0.1:$0.1:$lastname.$lastname.0" inputmode="text"></div>
</div>
</fieldset>
<fieldset class="form-columns-1" data-reactid=".hbspt-forms-0.1:$1">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field" data-reactid=".hbspt-forms-0.1:$1.1:$email"><label id="label-email-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" class="" placeholder="Enter your Email"
for="email-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" data-reactid=".hbspt-forms-0.1:$1.1:$email.0"><span data-reactid=".hbspt-forms-0.1:$1.1:$email.0.0">Email</span><span class="hs-form-required"
data-reactid=".hbspt-forms-0.1:$1.1:$email.0.1">*</span></label>
<legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$1.1:$email.1"></legend>
<div class="input" data-reactid=".hbspt-forms-0.1:$1.1:$email.$email"><input id="email-1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" class="hs-input" type="email" name="email" required="" placeholder="" value="" autocomplete="email"
data-reactid=".hbspt-forms-0.1:$1.1:$email.$email.0" inputmode="email"></div>
</div>
</fieldset><noscript data-reactid=".hbspt-forms-0.2"></noscript>
<div class="hs_submit hs-submit" data-reactid=".hbspt-forms-0.5">
<div class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.5.0"></div>
<div class="actions" data-reactid=".hbspt-forms-0.5.1"><input type="submit" value="Subscribe" class="hs-button primary large" data-reactid=".hbspt-forms-0.5.1.0"></div>
</div><noscript data-reactid=".hbspt-forms-0.6"></noscript><input name="hs_context" type="hidden"
value="{"rumScriptExecuteTime":1815.1000022888184,"rumServiceResponseTime":2237.2999992370605,"rumFormRenderTime":1.5,"rumTotalRenderTime":2359.6000022888184,"rumTotalRequestTime":403.5999984741211,"lang":"en","renderRawHtml":"true","embedAtTimestamp":"1662047722237","formDefinitionUpdatedAt":"1636402844863","pageUrl":"https://sourcedefense.com/resources/blog/ecommerce-digital-and-marketing-teams-in-the-security-and-privacy-crosshairs/?utm_campaign=Digital_Q3%2FQ4-FY%2022&utm_medium=email&_hsmi=224610025&_hsenc=p2ANqtz-8tIC1loZBysxTgCKlRoKYLR-N2MF9rB-t5w-2x9cDsr3JrmFvr0SEErFpMGh5lQTjFWucISa903kdOkLPkg_MmbvDJOA&utm_content=224610025&utm_source=hs_email","pageTitle":"Ecommerce, Digital and Marketing Teams in the Security and Privacy Crosshairs - Source Defense","source":"FormsNext-static-5.519","sourceName":"FormsNext","sourceVersion":"5.519","sourceVersionMajor":"5","sourceVersionMinor":"519","timestamp":1662047722237,"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36","originalEmbedContext":{"portalId":"6087099","formId":"1e7d0bca-6d3b-46b2-8a2e-b276f201fad6","target":"#hbspt-form-1662047721903-3676800348"},"urlParams":{"utm_campaign":"Digital_Q3/Q4-FY 22","utm_medium":"email","_hsmi":"224610025","_hsenc":"p2ANqtz-8tIC1loZBysxTgCKlRoKYLR-N2MF9rB-t5w-2x9cDsr3JrmFvr0SEErFpMGh5lQTjFWucISa903kdOkLPkg_MmbvDJOA","utm_content":"224610025","utm_source":"hs_email"},"renderedFieldsIds":["firstname","lastname","email"],"formTarget":"#hbspt-form-1662047721903-3676800348","correlationId":"66282f10-e8dc-4b1b-ba31-fa3330b06d96","hutk":"44ac1110e493caebf96db054db29fbe3","captchaStatus":"NOT_APPLICABLE"}"
data-reactid=".hbspt-forms-0.7"><iframe name="target_iframe_1e7d0bca-6d3b-46b2-8a2e-b276f201fad6" style="display:none;" data-reactid=".hbspt-forms-0.8"></iframe>
</form>Text Content
Skip to content * Products * Platform * ADMIN * VICE * WiPP * Website Threat Report * Industries * Financial Institutions * Online Retailers * Healthcare * Travel, Ticketing & Aviation * Media & Content Publishers * Resources * Blog * White Papers * Webinars * Research Lab * Video * FAQ * Events * Field Events * Company * About Us * Leadership * Board & Investors * Partners * Press & News * Join Our Team * Contact Us * Request a Demo ECOMMERCE, DIGITAL AND MARKETING TEAMS IN THE SECURITY AND PRIVACY CROSSHAIRS By Source Defense If you’re in the Retail sector, you’ve experienced an ecommerce surge over the past two years that was once predicted to take a decade. That means great opportunity but also great risk. If you’re a Digital or Marketing professional not in Retail, you understand that when it comes to doing business or promoting your business online, every company is a digital media and content publisher. Regardless of industry, you and your web team are constantly looking for new tools and partners to enhance user experience, collect visitor analytics, engage prospects and customers through chatbots or advertising, automate information request forms, and process credit cards, among many other functions. While all of this innovation is helping to drive brand awareness and revenue, there’s a dark side that, as a digital media professional, you must consider before you deploy that next 3rd party web application. Every day, your partner ecosystem puts you at risk of both data leakage – which occurs when your partners overreach, and the risk of data theft – which is perpetrated by cybercriminals. Both scenarios open you up for data privacy noncompliance fines and the potential for millions in losses. It only takes one 3rd party partner collecting data it shouldn’t, or one compromised rogue script to enable cybercriminals to steal the personal and financial data of your web visitors, putting your department in the crosshairs of a crisis that could have massive legal and financial implications. This is why your Security and Governance, Risk and Compliance (GRC) teams are always so paranoid about what you’re doing – and why many organizations find it hard to implement new functionality on their websites without lengthy review with those teams. But knowing what the risk is, and understanding that there are solutions to mitigate this risk which are easy to implement, cost effective, and don’t add burden to the Security or GRC teams is the way that YOU get back in the driver’s seat of what happens on your website. THE THREATS YOU MUST PROTECT AGAINST While every modern user-centered, feature-rich website is different, client-side processes are almost always written in JavaScript. According to our team’s latest intelligence, there are more than 1.7 billion public-facing websites worldwide, and JavaScript is used on 95% of them. Your partners employ JavaScript to enable the functionality you’re after – but you have virtually no visibility into what this code is doing. In a best case scenario, your partners may be capturing data in violation of strict data privacy compliance policies such as GDPR. In the worst case scenario, their code may be compromised by criminals to steal millions of credit cards, identities, etc. That’s why the latest PCI Security Council standard calls for doing something about the use of JavaScript across commerce oriented pages. When understanding the risk of attack, it is important that you – as the business owner – know what you’re up against. Every client-side web attack is different, but they all focus on data theft at the point of input – your forms. By attacking the point of input, cybercriminals can steal the customer’s private information, including credit card information, in real-time. A data breach is a quick way to convince customers to go elsewhere, where their personal information or other sensitive data will be secure. Surveys reveal that 64% of consumers confess to being unlikely to do business again with a company from which their personal data was stolen. So what are some of the ways cybercriminals are doing it? FORMJACKING These attacks can affect millions of people at once, or they can be highly targeted and affect a very specific group of people. Formjacking occurs when online criminals hack into a website to control its entry point where sensitive information is provided. This type of hack is most commonly associated with cybercriminals who seek to steal personal information such as phone numbers and home addresses, which could lead to identity theft. PAYMENT CARD SKIMMING (E-SKIMMING, DIGITAL SKIMMING) While retailers and banks have experienced physical skimming, where the attackers install stealthy credit card skimmer devices on ATM machines or point-of-sale terminals to steal credit card or debit card numbers and PINs, today’s cybercriminals do the same thing on e-commerce websites and skim payment data from input fields on existing payment forms or hijack unsuspecting users to fake checkout pages. MAGECART Magecart is a type of digital skimming attack that steals information from customers’ payment cards. They target shopping carts from systems like Magento, where a third-party piece of code, compromised by a systems integrator, can be infected without IT departments knowing about it. This is also known as a supply chain attack. FORM FIELD MANIPULATION Hackers can manipulate form fields to alter the data sent to a web server. They learn about your form field data by studying the source code on your web page. Anyone can do this by right-clicking on a page and choosing “view source code.” The HTML code includes your form field data, which skilled hackers can manipulate using injection attacks and other techniques. DEFEND YOUR DIGITAL ENTERPRISE Digital and marketing teams take note: It is time to deploy a control system to identify and control all 3rd party JavaScript on your web pages. And you can do so without adding complexity to your environment or requiring major capital expenditures. Source Defense uses real-time JavaScript sandboxing technology to create virtual pages that isolate the 3rd party scripts from the website. The virtual pages are an exact replica of the original ones, excluding what the 3rd parties are not supposed to see. We monitor all 3rd party script activities on the virtual pages. If the activity is within the premise of what they are allowed to do, we will transfer it from the virtual page to the original one. If not, we will keep their activity on the virtual pages isolated from the user and send a report to the website owner, alerting them of the 3rd party scripts violating their security policy. This is as close to ‘set it and forget it’ security and data privacy that you will see on the market. And it is a solution that gets Security and GRC out of the way of your decision making. Best of all, you can secure your customers’ data for a price similar to the third-party tools causing your security nightmares. Request a Demo to learn more about how Source Defense can help you mitigate a material risk to your organization, keep your partners from overreaching and defend your enterprise from Client-Side Attacks. Source Defense is a mission-critical element of web security. It is a data privacy compliance and security solution that protects sensitive user data collected on websites from data leakage or theft by extending security to the client-side. Source Defense is the market leader in Client-side Security for websites, providing real-time threat detection, protection, and prevention of vulnerabilities originating in JavaScript. Source Defense’s patented Website Client-side Security Platform offers the most comprehensive & complete solution addressing threats and risks from the increased usage of JavaScript, libraries, and open source in websites today. RELATED POSTS: [Infographic] Magecart by The Numbers [New Threat] JS Skimmer ‘Pipka’ Attacks eCommerce Businesses 3 Months after Ticketmaster attach, breached tools still in use on over 1000 websites PCI DSS 4.0 MAKES CLIENT-SIDE SECURITY A PRIORITY. Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams. Download the Guide SOLUTIONS * Platform * ADMIN * VICE * WiPP * Website Threat Report INDUSTRIES * Financial Institutions * Online Retailers * Healthcare * Travel, Ticketing & Aviation * Media & Content Publishers RESOURCES * Blog * White Papers * Webinars * Video * Research Lab * FAQ COMPANY * About Us * Leadership * Board & Investors * Partners * Press & News * Join Our Team * Contact Us KEEP YOUR WEBSITE SAFE Get the latest news and updates to bulletproof your website First name Last name Email* Request a Demo * linkedin * Facebook * Twitter Privacy Policy | Terms of Service | ©2022 Source Defense. All Rights Reserved. Scroll We are using cookies to give you the best experience on our website. You can find out more about which cookies we are using or switch them off in settings. Accept Reject Close GDPR Cookie Settings * Privacy Overview * Strictly Necessary Cookies Powered by GDPR Cookie Compliance Privacy Overview This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. Strictly Necessary Cookies Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings. Enable or Disable Cookies If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again. Enable All Save Settings