How do you protect your clients from formjacking?
- Q and A
- Edited 2 June 2025
- 1 min
- Managing and growing
- Secure business
Without anyone noticing, a cyber criminal changes the entry fields on your website. When your customer places an order and fills in their payment details, they are sent directly to the criminal. The criminal will use your customer's name and credit card information to make purchases themselves. This type of cybercrime is called formjacking.
Cyber Magazine SECURE IT!
Cyber magazine SECURE IT! contains tips and information on how to secure your business online.
What is formjacking?
Formjacking means a hacker changes the entry fields of a form on a website or online shop, so that any information the visitor fills in ends up with the hacker. Hackers do this by changing the code of the website. They gain access to confidential information, such as credit card details, often without anyone else knowing. With this information, the hacker can make payments and also misuse your client's identity.
Hard to detect
It is almost impossible for a customer to detect formjacking. And usually you don not notice yourself of 1 or more forms on your wsite have been hacked. But fortunately there are things you can do to protect your customers from formjacking.
Protect your customers
- Make sure your website software, including any plug ins, is up to date. You can do this yourself, for instance once a month, or outsource it to an IT service provider.
- Limit the number of personal you ask for and choose payment methods like iDEAL, so that your customers do not have to fill in credit card details.
- Run a regular website security test. You can use an automated cyber resilience scan for this. It will expose any weak spots in your security armour. Or get an ethical hacker to perform a penetration test. You can ask them to focus on certain security issues, such as formjacking.Â
- Â Discuss the options you have when it comes to checking for formjacking with your IT supplier.
