We all know to steer clear of shady ATMs in dark corners, for fear that someone has installed a "skimmer" (a device that copies your card). But what do you do when this device becomes invisible and moves to your favorite shopping site?
In 2026, this method is called Formjacking. It’s a huge threat because it doesn’t target your computer, but the store’s website. At Altanet Craiova, we want you to understand how this silent theft works, so you know how to protect your money.
What is Formjacking and how does the "digital skimmer" work?
Formjacking occurs when hackers manage to insert malicious code (a script) into the checkout page of a legitimate online store. The store functions perfectly normally, the products are real, and the payment appears secure.
However, the moment you enter your card number, expiration date, and CVV code and click "Pay," that hidden code makes a copy of your data and instantly sends it to the hackers. Basically, it’s like having a thief looking over your shoulder while you fill out the form.
Why is it hard to detect?
Unlike phishing sites (which are fake), with formjacking you’re on the real, original site. Your browser shows the green padlock (HTTPS), and everything looks fine. Most of the time, not even the store owner knows their site has been compromised until customers start complaining about money disappearing from their accounts.
How can you protect yourself when paying online?
Since you can’t see the code behind the website, you need to use payment methods that protect you even if your data is stolen:
- Use virtual (disposable) cards: Modern banking apps (such as Revolut or those from local banks) let you create a single-use virtual card. After you make the payment, the card self-destructs. Even if a hacker has copied the data, it’s no longer valid after 5 minutes.
- Enable SMS/Push notifications: You need to know immediately if a transaction appears that you didn’t make. The sooner you call the bank to block the card, the better.
- Avoid saving your card to your account: While it’s convenient to click “Save Card for future purchases,” if the store’s database is compromised, your data is exposed. It’s safer to enter it manually each time (using a virtual card).
To delve deeper into the topic and see examples of famous attacks (such as those by the Magecart group), you can read the technical analysis from Palo Alto Networks on Formjacking attacks.
Conclusion
Online shopping is fantastic, but it comes with responsibilities. Don’t just rely on the fact that a site is “well-known” or “secure.” Always use an extra layer of financial protection, such as virtual cards.
Do you have an online store and want to make sure your checkout page hasn’t been compromised? We offer security audits and IT services to protect e-commerce businesses. Visit our contact page and secure your customers’ transactions.
This content is part of Altanet’s educational series on digital security. Want to know what other risks you’re facing this year? See the complete list of cyber threats for 2026.
