How to Stop Leaky Forms from Putting Ecommerce Customer Data at Risk

Data privacy compliance is an ongoing responsibility for online retailers, and most are vigilant about ensuring that their systems safeguard the information their customers share. After all, no retailer wants to lose their customers’ trust – or face fines for noncompliance with GDPR and other privacy regulations. However, some online shopping sites may be unwittingly placing customer data at risk of exposure through forms supplied by third parties, some of which unintentionally collect PII without user consent. Here’s what retail security teams need to know about “leaky forms” and how to implement security policies that can protect customer data from this hazard.

In the simplest possible terms, a form on a website is leaky if the data that a user enters is exposed to other parties before the user grants permission. If you’re adding your email address to a signup form on a retailer’s website, or keying in your password to sign in, the assumption is that the retailer won’t see that information until you hit “submit” – and that no one else will see that information even after you do so.

However, in 2022 researchers found that many forms on thousands of the most popular websites collected information as it was entered, even if the user deleted the data from the form instead of submitting it. Often the cause was third-party tracking elements on the forms that were configured to collect data during entry. But even when this kind of data collection is unintentional, which appeared to be the case for many sites the researchers contacted, it still puts retailers at risk of violating privacy regulations and damaging their relationships with customers.

Forms can also leak when attackers intentionally tamper with their code to intercept. This is how digital skimming attacks like Magecart collect personally identifiable information (PII) and payment card numbers from unsuspecting consumers. Magecart-style attacks are still around and getting more sophisticated in terms of form design, so they present an ongoing threat to retailers and their customers.

Potential consequences for consumers and retailers

When data is pulled out of forms, by accident or deliberately, the consequences can be severe for customers and retailers. Magecart-style attacks lead to CNP fraud, account takeovers, and identity theft that can cost individuals not only their money but also countless hours of their time to resolve. Customers are unlikely to forgive retailers when such an attack happens on their watch. In ClearSale’s most recent international survey of consumer attitudes on ecommerce, fraud, and CX, 83% said they wouldn’t return to a site where fraud was committed using their card data.

In addition to customer churn and negative publicity, brands can face fines for breach of data regulations, such as the $1.5 million Ticketmaster agreed to pay after customer data was stolen from their site. Retailers may also face lawsuits from customers affected by unauthorized data exposure, and because of the terms of service with their vendors, they may be wholly liable for data exposure even if those vendors’ software configurations caused the exposure.

Best practices for online form security

The researchers who made the initial discoveries about leaky forms reached out to the companies whose sites were affected. They said many had no idea there was a problem and took steps to correct the problem. However, just because one tranche of sites with leaky forms has been identified and addressed doesn’t mean the problem is solved. Ensuring that forms aren’t built with leaks – and don’t develop them later – should be part of ongoing site security for retailers.

Audit your sites’ forms for leaks. The researchers who found the leaks shared their leak detection, form inspection, and other code, so IT and security teams can use it to check their own sites for inappropriately collected form data.

Check third party integrations for configuration issues. Much of the unintentional pre-submission data collection was done due to the way analytics and marketing services were set up. It’s a good idea to review all third-party integrations now, make sure nothing is set to leak, and then re-inspect those integrations periodically to ensure that updates haven’t changed anything in a way that captures pre-submission data. All new integrations should be carefully configured and tested as well.