
What is Digital Skimming? How to Protect Your eCommerce Site

Benjamin Hosack
Jun 3, 2024

Digital skimming, also called e-skimming or online card skimming, involves cybercriminals stealing credit card details or payment data from your online store's visitors. These attackers employ malicious scripts/code injections which "skim" payment and personal information from input fields on your payment forms, or they direct users to fake checkout pages. Once the data is stolen, the cybercriminals use this data to go shopping, or sell the data on the dark web for future illicit activities.


How Digital Skimming Attacks Occur

Exploiting security gaps in an eCommerce website, criminals load malicious code (known as a digital skimmer) into the vulnerable website's header or footer, or into third-party scripts. These malicious scripts then capture credit card and payment data when users enter it into payment forms. Digital skimmers are now the most common malware being used to steal payment data around the world (see our monthly eCommerce ThreatScape Report for more info).

Challenges in Detecting Digital Skimming Attacks

Digital skimmers have been fairly simple over the last few years and were very easily detected if you were using an appropriate technology to monitor your site (like ThreatView). However, over the last 12 months we have seen the emergence of a considerably more "stealthy" approach to digital skimmers, in which the criminals use obfuscation tactics, randomisation and more to make them considerably more challenging to detect. As a result, they often go undetected for fairly extended periods of time (unless, of course, the website is being proactively monitored for this sort of threat, using something like ThreatView).

Magecart, Magento and Digital Skimming

Arguably, Magecart brought digital skimmers into focus for the industry. Magecart attacks originally targeted Magento websites (we're talking a few years ago), but have since evolved to target a wide range of platforms. With that said, Magento 1 and Magento 2 remain the most targeted platforms in the eCommerce world, making up roughly 65% of the hacked sites globally (see our monthly eCommerce ThreatScape Report).

Many well-recognised brands have fallen victim to digital skimming, and to Magecart in particular, with British Airways being the most publicised (https://www.theregister.com/2020/10/16/british_airways_ico_fine_20m/), netting the organisation a substantial GDPR penalty and unpublished liabilities to the card brands.

Combating Digital Skimming Attacks

Typically, criminals take advantage of vulnerabilities in the target website to gain access. They then figure out a way to maintain a persistent presence, usually by installing a backdoor/webshell. Once they have this level of access, they deploy a digital skimmer.

A defence in depth approach is always the best place to start. Make it hard for the criminals to break in undetected in the first place. But then you need to look towards more specialist technologies to monitor for specific threats and Indicators of Compromise, as digital skimmers tend to evade detection by "standard" security scanners and solutions.

You can get this defence in depth approach by combining the following technologies:

  • Real-Time/Near Real-Time Malware Threat Detection
  • Web Access Log Monitoring
  • File Change Monitoring
  • Cardholder data detection
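
As an added illustration of two items from the list above (file change monitoring and cardholder data detection), the sketch below compares a web root against a known-good hash baseline and scans new or changed files for Luhn-valid card numbers. It is example code written for this article, not ThreatView's implementation; the file names, the `cdn.example` host and the sample web root are constructed, and the card number is the standard Visa test number.

```python
import hashlib, re, tempfile
from pathlib import Path

PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits, optional separators

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    """Return Luhn-valid card-number candidates, masked to first 6 / last 4."""
    cands = (re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(text))
    return [d[:6] + "*" * (len(d) - 10) + d[-4:] for d in cands if luhn_ok(d)]

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def audit(root, baseline):
    """Diff root against a trusted baseline, then scan new or changed files for card data."""
    current = snapshot(root)
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
              "card_data": {}}
    for rel in report["added"] + report["modified"]:
        hits = find_pans((Path(root) / rel).read_text(encoding="utf-8", errors="replace"))
        if hits:
            report["card_data"][rel] = hits
    return report

def demo():
    """Constructed web root: the footer template changes and a file holding a test card number appears."""
    with tempfile.TemporaryDirectory() as root:
        web = Path(root)
        (web / "footer.html").write_text("<footer>Example Shop</footer>")
        (web / "checkout.js").write_text("submitOrder();")
        baseline = snapshot(web)            # taken from a known-good deployment
        (web / "footer.html").write_text("<footer>Example Shop</footer><script src='//cdn.example/x.js'></script>")
        (web / "export.log").write_text("order 1001 card 4111 1111 1111 1111\norder ref 1234567890123456\n")
        return audit(web, baseline)

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored off the web server, and any unexpected change to a header, footer or checkout file is reviewed before the next baseline is taken.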

Or, simply deploy a technology like ThreatView Advanced, which builds advanced security monitoring and protection into your website, without you needing to be a cyber security specialist.  

In short, ThreatView simplifies cyber security for eCommerce websites and enables you to focus on what you do best.
