Why iFrames alone won’t stop web skimming attacks from stealing customer data
Web skimming and Magecart headlines have taken the online world by storm over the past year as attackers have infected sites like Macy’s and Sweaty Betty, leaving organizations to consider what technologies will prevent these data breaches from happening to them. In many cases, security teams are tasked with understanding the differences between the protection offered by iFrames compared to the data-level protection provided by Instart Web Skimming Protection.
Stopping data loss is getting harder as Magecart attackers employ new techniquesRelated Blog
Here is how companies should think about this:
- IFrames: Data in the iFrame is isolated from attack
Limitation: Not all sensitive data lives in iFrames.
- Instart Web Skimming Protection: Restrict data access directly in the DOM
Limitation: Instart can’t protect data that doesn’t exist in the DOM.
Important note: If your third-party provider is attacked, your customer information could be susceptible to theft, but the responsibility for that breach would fall on the third-party provider. However, as your website collected the sensitive information, your brand reputation could still be impacted since most customers don’t differentiate between your company and the vendors you choose to implement.
Protecting web apps from Magecart and other web skimming attacks will be a top priority for any organizations with an online presence. It’s essential for companies to assess the types of content they have on their site — including third-party scripts and iFrames — and create a strategy to secure any and all information collected on their website.
When putting together a comprehensive approach, it’s important to understand that you are responsible for securing all of the data you collect outside of an iFrame — whether from website forms, cookies, or scripts from third-party vendors. To avoid data being compromised by web skimming, a strong security strategy will require a combination of tools to protect all of the information on your website — relying on a single type of protection, such as iFrames, will leave customer data vulnerable to attack.
Learn more about Instart Web Skimming Protection and register for a 30-day free trial.Get a FREE 30-day trial
*** This is a Security Bloggers Network syndicated blog from Instart blog RSS authored by Anton Kim. Read the original post at: https://www.instart.com/blog/iframes-and-web-skimming-attacks