How do you protect your clients from formjacking?

Without anyone noticing, a cyber criminal changes the entry fields on your website. When your customer places an order and fills in their payment details, those details are sent directly to the criminal. The criminal then uses your customer's name and credit card information to make purchases. This type of cybercrime is called formjacking.


What is formjacking?

Formjacking means a hacker changes the entry fields of a form on a website, so that any information the visitor fills in ends up with the hacker. Hackers do this by changing the code of the website. They gain access to confidential information, such as credit card details, often without anyone else knowing. With this information, the hacker can make payments and also misuse your client's identity.

Hard to detect

It is almost impossible for a customer to detect formjacking. "And the bad news is that it is really difficult for entrepreneurs as well to spot if their entry fields have been hacked," says Erwin Hasenpflug, cyber specialist at Digital Trust Center. "But fortunately there are a few things you can do."

Protect your customers

Hasenpflug has a few tips to protect your customers from, among other things, formjacking.

  • Make sure your website software, including any plug-ins, is up to date. You can do this yourself, for instance once a month, or outsource it to an IT service provider.
  • Limit the number of personal details you ask for and choose payment methods like iDEAL, so that your customers do not have to fill in credit card details.
  • Run a regular website security test. You can use an automated cyber resilience scan for this. It will expose any weak spots in your security armour. Or get an ethical hacker to perform a penetration test. You can ask them to focus on certain security issues, such as formjacking. 
  • Recognise unwanted adjustments to your website code. If you have some basic knowledge of source code, you may be able to spot changes yourself, although this remains tricky, especially if you have a dynamic website. Discuss the options for checking for formjacking with your IT supplier.
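
One way to make the last tip workable on a dynamic website is to compare only the parts of a page that decide where form data goes and which scripts run, instead of the whole source. The sketch below is an added example, not something from the Digital Trust Center; the addresses and sample pages are constructed, and `fingerprint` and `unexpected_changes` are hypothetical helper names.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

class CheckoutFingerprint(HTMLParser):
    """Collect where a page sends form data and which scripts it runs."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.items = set()
        self._inline = None  # text of the inline <script> being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            self.items.add("form -> " + urljoin(self.base_url, a.get("action") or ""))
        elif tag in ("input", "button") and a.get("formaction"):
            # formaction on a submit control overrides the form's action.
            self.items.add("formaction -> " + urljoin(self.base_url, a["formaction"]))
        elif tag == "script" and a.get("src"):
            self.items.add("script src -> " + urljoin(self.base_url, a["src"]))
        elif tag == "script":
            self._inline = ""

    def handle_data(self, data):
        if self._inline is not None:
            self._inline += data

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256(self._inline.strip().encode()).hexdigest()
            self.items.add("inline script sha256 " + digest[:16])
            self._inline = None

def fingerprint(html, base_url):
    parser = CheckoutFingerprint(base_url)
    parser.feed(html)
    parser.close()
    return parser.items

def unexpected_changes(baseline_html, current_html, base_url):
    """Items on the current page that the reviewed baseline did not have."""
    return sorted(fingerprint(current_html, base_url) - fingerprint(baseline_html, base_url))

# Constructed sample pages and address (not taken from any real site).
BASE = "https://shop.example/checkout"
BASELINE = '<form action="/order"><input name="card"></form><script src="/js/shop.js"></script>'
CURRENT = BASELINE + '<p>Order 1042</p><script src="https://cdn.example.net/a.js"></script>'
```

Calling `unexpected_changes(BASELINE, CURRENT, BASE)` ignores the changed order text and reports only the added script source. It does not notice a script file whose address stays the same while its contents change, so that check still has to be made on the files themselves.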