Prevent and Detect Magecart Attacks

Rapid and accurate detection for Magecart breaches, website skimming, formjacking and supply chain attacks. Protect your customer’s data, prevent massive fines and avoid damage to your business’ reputation.
No install needed – discover data exposure in minutes.

Get StartedLet’s Talk

See how it works:

Defend against Website Data Breach Attacks

Do you know when your customers’ personal and financial data is being stolen from your website?

There are 4,800 formjacking attacks each month, with many reported in the press causing huge reputational damage to a business.

  • RapidSpike protects brands of all sizes – from global multinationals, to small independants.

The affected websites range from small online stores to large multinationals. Often these breaches are via third party suppliers.

  • RapidSpike monitors all traffic – including all your third parties.

The average total fine for a breach is $3.92 million. The longer it occurs, the more affected customers – the higher the fine.

  • RapidSpike can detect breaches instantly

How Do These Attacks Happen?

Magecart-style attacks occur by exploiting a vulnerability on the web server. They then either inject malicious JavaScript code into an existing file or edit the HTML of the website to call a new third-party JavaScript file that includes malicious code.

Watch our helpful explainer video

RapidSpike - Shopper enters details on website

Whilst your customers browse and purchase on your website, scripts are loaded from third parties.

Magecart hacker infiltrates third-party.

If a third party is compromised, hackers then have a way to write scripts affecting your website.

Shoppers details are sent to the Magecart hacker.

Hackers can then intercept customer card details without you even noticing, siphoning them off to an external server to see on the black market.

View an in-depth analysis of an attack

One Tool, Three Methods For Deeper Analysis and Protection

This multi-layered approach means we can examine more data points than ever before – helping us to understand exactly where customers’ information is being sent to, allowing companies to both proactively and reactively detect data breaches on the client-side faster than ever.

Synthetic Attack Detection

Continuously walks through the critical areas of your website, monitoring internal and third-party files – absolutely anything sending data from your website.

We build a whitelist of calls made from your website, and then warn you if any new destination hosts appear.

RapidSpike Magecart Hosts Seen
Magecart safe list

Real User Attack Detection

Monitor live traffic as it interacts with your website. We then collect information about where visitor data is being sent. If a malicious destination is added to your website, RapidSpike will alert you.

Magecart Attacks Are Affecting All Sizes of Business

Victims include major retailers, global leading brands, international and small independent businesses:

British Airways logo
  • 380,000 customers affected
  • £20 million fine
  • 16 days before detection
  • Huge press coverage

Details were taken via a script designed to steal financial information by skimming the payment page before it was submitted.

Ticketmaster logo
  • 40,000 customers affected
  • 4 months before detection

Malicious software on third-party customer support product caused the hack. Stolen details included; names, addresses, email addresses, telephone numbers and payment details.

Vision Direct logo
  • 6,600 customers’ details stolen
  • 5 days before detection

JavaScript file was injected into the Vision Direct website posing to be a legitimate Google Plugin. Vision Direct have provided all affected customers with an Identity Monitoring Service.

AMCA logo
  • 20 million US citizens affected
  • Website hacked for 8 months
  • $3.8m spent on mailing notices

AMCA have filed for Chapter 11 protection and listed assets of $10 million. Multiple lawsuits against AMCA and the companies this breach affected have been filed.

Volusion logo
  • 6,589 websites affected
  • 239,000 payment details sold for $1.6million
  • Infected for 26 days before detection

Volusion are an ecommerce shopping cart provider. The malicious file and domain were both disguised to look legitimate.

Macy's logo
  • 1 week before detection

The breach occurred from October 7th – 15th, 2019. An unauthorised third-party added malicious code to two pages on macys.com, including the checkout page and the wallet page.

View the latest attacks

The Benefits of Magecart Attack Detection

RapidSpike Magecart Attack Detection can secure your website with the following benefits:
clock

Reduce Detection Time

Reduce the detection time from 12 days to under 5 minutes

100% Awareness

Ensure no malicious destinations get added to your website without your prior knowledge

No Unauthorised Changes

Easily and continuously protect against unauthorised changes to your critical JavaScript files

Detect All Magecart Attacks

Detects website skimming, form-jacking and supply chain attacks.

Comply With Legislation

Clear evidence for the ICO that you have taken steps to defend yourself

Monitor Your Supply Chain

You can’t secure what you don’t own – assure your third-party supply chain

Page investigation

Real Time Monitoring

Continuously monitor for changes before, during and after the event

calendar

Up-To-Date Protection

Research and Development into new threats on a weekly basis

list

Access our Global Security List

Comprehensive trusted and untrusted domains database to help you decide quickly who to trust

Magecart alert warning

Comprehensive Alerting

Receive alerts of any issues in the format of your choice (Email, SMS, Voice, Slack and more)

avoid sign

Avoid complex CSPs

No need to lock down everything with overbearing content security policies

Arrange a demo and see first-hand what we can learn about your site