top of page
  • Writer's pictureKelsie Papenhausen

US & EU E-Commerce Websites Put Payment Data at Risk

Updated: Feb 23, 2023

Study of Top Sites Reveals the Presence of Hundreds of Third-Party Scripts

PORTO, Portugal, Wednesday, January 22, 2023- Jscrambler, the leading security solution for JavaScript protection and real-time webpage monitoring, today released findings of e-commerce websites in the US and EU under constant risk of data skimming attacks due to unprotected JavaScript running on the payment page.

For these reports, 20 highly trafficked e-commerce websites with more than $50M in revenue were selected. These websites were from varied industries including health, personal care, retail, groceries, home goods, consumer electronics and airlines.

Key findings from this research include:

US websites:

·60% of the analyzed websites have more than 10 different vendors on their payment pages.

·On average, 148 scripts are being loaded on the payment page, and of these, 58% are third-party.

·One of the analyzed websites did not allow the retrieval of data.

EU websites:

·80% of the analyzed websites have more than 10 different vendors on their payment pages.

·On average, 123 scripts are being loaded on the payment page, and from these, 97% are third-party.

·All websites allowed the retrieval of data.

“In a time when so many are using websites to conduct their daily lives, securing payment is of utmost importance. The responsibility to secure payments falls directly on the host of these webpages, and should be their utmost priority,” said Rui Ribeiro, CEO and Founder, Jscrambler. “Only the third-party scripts that are necessary to function should be used on such websites and, given the length of sensitive data being handled, security cannot continue to be treated as an afterthought.”

The main goal of the research is to highlight the importance of having visibility and control over the scripts that are present on the payment pages, especially on e-commerce websites. Popular e-commerce sites in North America and Europe were selected for analysis in order to understand the scope of the problem and potential points of failure. Jscrambler looked at the number of scripts on the payment pages controlled by third parties. The findings indicate that the possible attack surface is huge unless these sites find a way to identify, monitor and control the behavior of third-party Scripts.

About Jscrambler

Jscrambler is a leading authority in client-side security software. Its solutions defend enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Jscrambler makes first-party code resilient to tampering and prevents interference with third-party code. Their solutions work continuously, keeping you protected regardless of how frequently things change. From code to runtime, Jscrambler has companies covered with a level of visibility and control that supports business innovation. Jscrambler’s customers include the FORTUNE 500, retailers, airlines, banks, and other enterprises whose success depends on safely engaging with their customers online. Jscrambler keeps these interactions secure so they can continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance.


bottom of page