Magecart is Still a Threat to E-commerce Sites

Sometimes, even fraudsters have a recognizable brand. Cybercrime is a highly organized, technologically sophisticated operation these days, and many fraudsters are part of organizations or syndicates that share information and resources with each other. The unfortunate result of these regrettable alliances is that fraudsters are able to hit bigger and more varied targets with greater success rates.

One informal association of e-commerce hackers is known as Magecart, and they’ve become notorious for the number of high-profile cyberattacks they’ve been able to pull off. What is Magecart, and how can merchants protect their data from this insidious type of cyberattack?

  1. What is Magecart?
  2. How Do Magecart Attacks Work?
  3. Why is Magecart So Notorious?
  4. How Can Merchants Protect Themselves from Magecart?
  5. Conclusion

BNPL E-Guide“Fraud and cybercrime on the rise” is one of those headlines that seems to be evergreen. As e-commerce continues to grow, fraud and cyberattacks grow right alongside it, probing for vulnerabilities and taking advantage of inexperienced consumers and new technologies.

The FBI has reported a 300% increase in cybercrime since the start of the COVID-19 pandemic, with annual damages on track to exceed $10 trillion within the next three years.

For merchants, the damage from cybercrime isn’t abstract—it falls right in their laps. When fraudsters use stolen credit card data to make unauthorized purchases, the cardholder has recourse in the chargeback process. They can dispute the transaction and get their money back, but that means the merchant ends up being held liable for the fraudulent charge. To make matters worse, chargebacks come with additional hazards and penalties.

To protect themselves from chargebacks and revenue loss—and the damage to your reputation that can come from being involved in a data breach—merchants must take the time to learn about Magecart and other identifiable forms that cyberattacks can take.

What is Magecart?

Magecart is a type of cyberattack that is defined by the tools and techniques used to carry it out. It’s essentially an online version of a credit card skimmer, which is a physical device that attaches to point-of-sale terminals and intercepts cardholder data for later retrieval by the fraudsters who placed it there. A Magecart attack involves the use of malicious software that intercepts data during the checkout phase of the e-commerce shopping experience.

There are various methods fraudsters can use to infect an e-commerce site with Magecart software. Once installed, Magecart reads payment card credentials and other customer data that is entered during the checkout process. It may transmit this stolen data to the fraudster immediately, or it might store it locally (and hidden) for later retrieval, which can be harder to detect.

Once the fraudster obtains the stolen data, they can use it to make unauthorized purchases, engage in identity theft, or sell it on the dark web.

The term “Magecart” came from mashing together “Magento” and “shopping cart.” Magento (which is now Adobe Commerce) was a widely-used e-commerce platform that was a prominent target of this type of cyberattack, and the shopping cart component of the platform was where the attackers’ code was injected. Magecart-style attacks may also be referred to as “formjacking” or “e-skimming.”

How Do Magecart Attacks Work?

Magecart attacks come in many different variations. One of the major distinguishing features is where the malicious software code resides. Some Magecart attacks inject the code (typically JavaScript) on the browser side, capturing the customer’s data with a fake shopping cart page that appears when they try to check out. This type of attack is what “formjacking” usually refers to. Magecart attacks can also be performed by injecting the hostile code on the server side, through the use of malware or by exploiti

Manage Chargeback In-House Or OutshoreMagecart attacks can also be directed at third-party e-commerce service providers. This is known as a supply chain attack. While uncommon, they can be extremely dangerous, as a successful attack against a single vendor can compromise every single client that vendor services.

Cybercriminals can use a variety of methods to inject their Magecart software, such as hacked passwords, phishing, software exploits, or malware. In addition to stealing customer data, server-side Magecart software may set up hidden back doors to facilitate future attacks.

Why is Magecart So Notorious?

While some Magecart operators attack broad swathes of the e-commerce sector, Magecart has been the methodology behind a number of high-profile attacks against large organizations:

  • Ticketmaster, June 2018: Digital skimmers were placed on Ticketmaster’s checkout pages through an attack carried out against one of their third-party vendors.
  • British Airways, September 2018: A server-side formjacking attack stole payment information from about 380,000 web and mobile customers.
  • Macy’s, October 2019: Card-skimming code was found in both the checkout page and in an area of the site related to customer account management.
  • Tupperware, March 2020: Formjacking software was embedded in an inline frame of the site’s checkout page.
  • Segway, January 2022: The personal vehicle manufacturer’s e-commerce store was breached by skimmers that were injected into the site hidden in a favicon.ico file, the image file for the small graphic that displays in browsers next to a website’s address.

How Can Merchants Protect Themselves from Magecart?

Preventing Magecart attacks is not easy, as they are designed to breach secure e-commerce sites through the use of hacking techniques, software exploits, and other advanced methods.

One thing you can do ahead of time is tightly restrict access to your e-commerce software platform, and enable two-factor authentication for accounts with administrator privileges. It may also be helpful to use anti-malware software that can detect Magecart indicators.

It’s a good idea to routinely audit your e-commerce site for vulnerabilities. If possible, ask the third party vendors who work with you to audit their software to look for injections of malicious code.

When prevention isn’t possible, early detection is the next best thing. Any time you detect malware on your system, change your passwords right away. If your customers report problems or strange errors message during checkout, investigate immediately.


Small and medium-size merchants should take note that even though Magecart is known for going after big targets, your size won’t necessarily keep you safe. Supply chain attacks can impact large numbers of merchants of any size, and cybercriminals are always willing to go after small or obscure targets if they sense an opportunity.

When merchants fall victim to Magecart attacks and similar breaches, the data that gets stolen becomes the source of the compromised payment credentials that get traded over the dark web and eventually used to carry the garden-variety credit card fraud that results in chargebacks. The fallout of a successful Magecart attack can spread far and wide, so it’s important to factor them into your overall cybersecurity plan.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to:

Chargebacks 101

Leave a Reply

Your email address will not be published. Required fields are marked *