US & EU E-Commerce Websites Put Payment Data at Risk
Updated: Feb 23
Study of Top Sites Reveals the Presence of Hundreds of Third-Party Scripts
For these reports, 20 highly trafficked e-commerce websites with more than $50M in revenue were selected. These websites were from varied industries including health, personal care, retail, groceries, home goods, consumer electronics and airlines.
Key findings from this research include:
· 60% of the analyzed websites have more than 10 different vendors on their payment pages.
· On average, 148 scripts are being loaded on the payment page, and of these, 58% are third-party.
· One of the analyzed websites did not allow the retrieval of data.
· 80% of the analyzed websites have more than 10 different vendors on their payment pages.
· On average, 123 scripts are being loaded on the payment page, and of these, 97% are third-party.
· All websites allowed the retrieval of data.
“In a time when so many are using websites to conduct their daily lives, securing payment is of utmost importance. The responsibility to secure payments falls directly on the host of these webpages, and should be their utmost priority,” said Rui Ribeiro, CEO and Founder, Jscrambler. “Only the third-party scripts that are necessary to function should be used on such websites and, given the length of sensitive data being handled, security cannot continue to be treated as an afterthought.”
The main goal of the research is to highlight the importance of having visibility and control over the scripts that are present on payment pages, especially on e-commerce websites. Popular e-commerce sites in North America and Europe were selected for analysis in order to understand the scope of the problem and potential points of failure. Jscrambler looked at the number of scripts on the payment pages controlled by third parties. The findings indicate that the possible attack surface is huge unless these sites find a way to identify, monitor and control the behavior of third-party scripts.
Today’s full findings can be found at: http://blog.jscrambler.com/third-party-scripts-e-commerce-websites/