Instart Releases Anti-eSkimming Product ‘Privacy Alert’

Instart Releases Anti E-Skimming Product Privacy Alert

Computing and security company Instart has released a new product meant to fight against the practice of eSkimming, which is when criminals scan websites for personal information entered into forms online.

The new product is called Privacy Alert, and it’s a plugin that will warn consumers if personal data is potentially at risk when they log into a particular website, as well as when they’re creating a new account or making a payment online.

“Over the past couple of years, businesses have made headlines for falling victim to these eSkimming attacks, such as those perpetrated by the hacking group Magecart,” Instart said in a press release. “British Airways and TicketMaster are just two of many recent examples. As a result of these two breaches, attackers gained access to credit card numbers and other account details from hundreds of thousands of customers, and in the case of British Airways, they have been handed fines of over $200 million for failing to protect their customers’ data.”

The plugin, Instart said, is used by security teams to help ascertain gaps in security and figure out a web strategy. Teams can also use it when they’re trying to figure out how to make sure that online web forms are secure.

“Installing a chat widget, instead of building one from scratch, saves teams valuable time and money,” the press release stated. “But third-party code comes with a catch — it can access all the customer information being stored in your cookies or entered into form fields on your website. Even worse, web skimming attacks take place in the browser, making them difficult to detect since they occur outside of the traditional security controls, such as a web application firewall, that you have in place. Cybercriminals can (and will) inject malicious JavaScript into your website by infiltrating a third-party script, allowing them to access and steal your customers’ data.”

The company said Privacy Alert takes the guessing out of web app security, and it will let a person know which scripts have access to sensitive information.