Magecart, a persistent credit card skimmer

Making headlines throughout 2018, Magecart has caused harm to major brands

What is Magecart?

Believed to be a hacker group, Magecart have been behind several high-profile credit card skimming operations found on major sites across the web. With brands like British Airways and Ticketmaster affected, Magecart has caused harm to user around the world.

Magecart usually find a way to insert hostile JavaScript into a target website which proceeds to skim card details of unsuspecting visitors. Either through a weakness in the application itself, or by modifying 3rd party JavaScript, the attacker gets the ability to execute script on your page.

Many large brands have been hit this year and advice from government and the industry has consistently included the use of CSP and SRI. With control over scripts on your origin it's possible to defend yourself against sophisticated attacks like Magecart.

credit card input fields

Content Security Policy

CSP allows you to take strict control over exactly what resources are allowed to load on your site. With full control over script that can execute on your origin, you can effectively prevent attacks like those carried out by Magecart.

It's important to understand that in scenarios like a server compromise, CSP, and other technologies, can't help us. With full control over the page the attackers can't be stopped.

Many sites that were hit by Magecart would have been better off if they'd had a CSP in place. Not only can we control where script can be loaded from, we can also control what script can be loaded with the addition of integrity checking.

credit card symbols

Some facts about us

37k+ Domains Monitored
1.25T+ Reports Processed
1k+ Alexa Top 1M Sites

Simple Pricing

Select your usage


Per Month*

Enterprise Accounts

We can tailor a package to your exact requirements with custom usage, billing and SLA. You need an enterprise account if you're looking for any of the following features, just get in touch!

  • Invoicing
  • Managed/Dedicated Instance
  • Geographic Hosting/Processing
  • Custom or Unlimited Usage
  • Support SLA
  • Custom Terms

We're Trusted By

Award Winning Service