Attackers are continuously evolving their methods to steal credit card data without detection. In this case, we’ve identified a custom-made attack that deploys a fake payment form tailored to each target site. In addition to mimicking the site’s branding, including the logo, the form features an address autocomplete component.

What makes this attack especially deceptive is that it’s triggered from a non-sensitive page. This means websites that don’t monitor all of their pages may struggle to detect it.
It is also worth noting that the PCI Council has not yet required enforcement of client-side controls (Requirements 6.4.3 and 11.6.1) on non-payment pages. This means that such an attack can occur on a site that complies with the requirements. The bottom line is that this attack underscores why extending protections beyond payment pages is essential.
How does it work?
The attack code is activated when a user clicks the checkout button. It’s customized to match each site’s unique button labels and behavior. This action loads the fake payment form from a malicious domain, complete with the site’s logo and address autocomplete functionality. Once the user enters their data, it’s sent directly to the malicious domain—after which the legitimate payment form is loaded.
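The flow above leaves two signals visible on the non-payment page: content loaded from an origin the site does not use, and card fields appearing where none belong. The following is an added example, not Source Defense code or code from this article, that checks for both on every page; the allowlisted origins, the payment path and the field-name patterns are assumptions to replace with your own.

```javascript
// Added example. Origins, paths and sample nodes below are constructed.
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://pay.example"]);
const PAYMENT_PATHS = ["/checkout/payment"]; // only pages where card fields belong
const CARD_HINTS = /cc-(number|exp|csc|name)|card.?num|cvv|cvc/i;

// Resolve a possibly relative URL; returns null when it cannot be parsed.
function originOf(url, base) {
  try { return new URL(url, base).origin; } catch (e) { return null; }
}

// node = { tag, attrs } for one element added to the DOM of pageUrl.
function inspectAddedNode(node, pageUrl) {
  const findings = [];
  const tag = node.tag.toLowerCase();
  const a = node.attrs || {};
  const path = new URL(pageUrl).pathname;
  const onPaymentPage = PAYMENT_PATHS.some((p) => path.startsWith(p));

  // Remote script, frame or form target outside the allowlist.
  const remote = tag === "form" ? a.action : a.src;
  if (["script", "iframe", "form"].includes(tag) && remote) {
    const origin = originOf(remote, pageUrl);
    if (origin === null || !ALLOWED_ORIGINS.has(origin)) {
      findings.push({ type: "untrusted-origin", tag, origin });
    }
  }
  // Card-data field rendered on a page that should never collect card data.
  if (tag === "input" && !onPaymentPage) {
    const label = [a.autocomplete, a.name, a.id, a.placeholder].filter(Boolean).join(" ");
    if (CARD_HINTS.test(label)) findings.push({ type: "card-field-off-payment-page", tag, label });
  }
  return findings;
}

// Browser wiring: watch every page, including subtrees inserted in one step.
function describe(el) {
  const attrs = {};
  for (const at of el.attributes) attrs[at.name] = at.value;
  return { tag: el.tagName, attrs };
}
if (typeof MutationObserver !== "undefined") {
  new MutationObserver((muts) => {
    for (const m of muts) for (const n of m.addedNodes) {
      if (n.nodeType !== 1) continue;
      for (const el of [n, ...n.querySelectorAll("*")]) {
        const hits = inspectAddedNode(describe(el), location.href);
        if (hits.length) console.warn("[page-integrity]", hits);
      }
    }
  }).observe(document.documentElement, { childList: true, subtree: true });
}
```

Fields rendered inside a cross-origin iframe are not visible to the parent page, so in that case the origin check on the iframe itself is the signal that fires.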
How does Source Defense protect you from such attacks?
Source Defense continuously monitors for and identifies emerging attacks, ensuring that malicious domains are swiftly detected, blacklisted, and blocked — often before they are flagged by other security providers.
It’s important to note that because the malicious code is launched from a non-payment page, only customers with full protection coverage — our Standard Protect product — are safeguarded against such threats. Limited Protect, which covers only payment pages, does not provide protection in this scenario.
How will you be alerted?
In this attack, the following alerts would be triggered if using the Source Defense system:
- New first party script identified – flags unknown or suspicious scripts
- New behaviors identified:
  - Accessing PCI data (Payment Data)
  - Accessing PII data
  - Sending data to blacklisted domain
These alerts would be prominently displayed in:
- The bell notification center
- The dashboard summary (marked in red)
- The ‘Found in blacklists’ and ‘Script behaviors’ widgets with suspicious activity, both highlighted in red
Don’t leave your payment pages exposed. Contact us to find out how to secure them.