Security Metrics Update for Summer 2026
OREM, UTAH
Securitymetrics.com HITEC booth #2554
SecurityMetrics secures peace of mind for businesses that handle sensitive data.
As a cybersecurity and compliance brand, they specialize in scaling complex security requirements into manageable, high-performing compliance programs. Whether you need to oversee your own compliance or the compliance status of thousands of outlets, SecurityMetrics focuses on actionable guidance to reach cybersecurity.
Using frameworks like the payment card industry data security standard (PCI DSS), health information trust alliance (HITRUST), health insurance portability and accountability act (HIPAA), national institute of standards and technology (NIST) framework, cybersecurity maturity model certification (CMMC), center for internet security (CIS) controls and the general data protection regulation (GDPR), SecurityMetrics helps organizations achieve their compliance program goals.
E-commerce skimming is the fastest growing threat affecting e-commerce websites
After conducting more than 2,000 e-commerce investigations, the forensics investigators at SecurityMetrics identified an alarming trend. In 100% of card data skimming cases affecting e-commerce websites, the security failure was found on the merchant’s referring page rather than on a third-party service provider's payment page.
This trend highlighted the need for a solution to help e-commerce websites better detect and fight against e-skimming.
Here are the top five malicious issues SecurityMetrics typically finds while investigating e-commerce websites for leaking credit cards data:
- JavaScript that skims credit cards from a payment checkout page.
- Double posts of credit card data returning to an alternate checkout page on the merchant's server.
- Scripts running with a post of data to known bad sites.
- Authorized payment webforms being replaced by counterfeit forms.
- Directory browsing enabled on the web pages.
Any of these issues means a merchant’s e-commerce website has been breached.
To strengthen e-commerce merchant security, SecurityMetrics built Shopping Cart Monitor. Shopping Cart Monitor doesn’t require software downloads or configuration.
Instead, only a URL is needed to get started. For organizations that rely on transactions from their e-commerce website, this tool improves security by checking e-commerce websites for indicators of compromise and generating a full list of scripts executed on the payment page.
Shopping Cart Monitor simulates the checkout process and the behaviors involved on the page. Any JavaScript on the page is inventoried and documented to meet PCI requirement 6.4.3. It runs automatically at regular intervals looking for payment page modifications, meeting PCI requirement 11.6.1, which requires having a change- and tamper-detection mechanism in place. The business also specializes in vulnerability scanning (ASV), forensic investigations and penetration testing.
For users looking to avoid a complex setup, this cloud-based product can be set up in as little as 10 minutes, all while being a fully integrated PCI compliance tool.
Unlike other solutions on the market, Shopping Cart Monitor can’t be subverted by malicious threat actors. It gives merchants a complete picture of what’s happening behind the scenes, so their customers don’t get their credit card information skimmed. To learn more about Shopping Cart Monitor, visit: https://info.securitymetrics.com/shopping-cart-monitor.
For more information on SecurityMetrics, please visit www.securitymetrics.com.
.gif)
