
Being on the Right Side of Client Protection

You know that feeling when you wake up from a nightmare that your credit card has been stolen along with the balance of your account and your identity? For most of us, it’s just a nightmare that disappears from our memory bank by breakfast, but for many others it’s a reality that leads to an immediate call to your credit card provider.

Now imagine you are that credit card provider or the commerce site that is accepting that data, and you're losing significant revenue, customer loyalty and your sense of security. The integrity of your payment page scripts executed in the consumer's browser matters. It's part of your own identity, so when it's compromised, the impact is felt exponentially.

Today, browser attacks target the software supply chain in a big way, and many get nervous for good reason.

Over a five-month span at Ticketmaster in 2018, 40,000 credit cards were compromised, thanks to the handiwork of Magecart. Malware placed on one of the customer service pages stole personal information and payment card information.

But this is not the first and certainly not the last. Along with the evolution of technology, which of course includes the in-your-face emergence of AI, has come a sharp uptick in cyber threats from all sides. According to Veracode's State of Software Security, 55% of JavaScript apps had at least one OWASP Top 10 vulnerability and nearly 10% had high-severity flaws. With the ubiquity of client-side JavaScript libraries used across modern applications, the need for client-side protection has never been greater.

As web applications increasingly rely on client-side logic and integrate more third-party resources, client-side attacks are on the rise. Up until a few years ago, server-side attacks garnered far more attention: attacks that targeted applications to exfiltrate data from backend databases, compromise web servers and other infrastructure, or serve as an entry point from which attackers could move laterally across an organization.

Client-side attacks, which include Magecart attacks, directly target sensitive customer data, leading to breaches and violations of data privacy regulations. To tackle this evolving threat, PCI DSS 4.0 introduced new security measures focused on the client side.

Organizations handling payment card information are required to follow the new version (4.0) of the Payment Card Industry Data Security Standard (PCI DSS) by the end of March 2025. Failure to comply with PCI DSS can result in significant fines and restrictions on payment platform use in the future.

So, what is a credit card provider or e-commerce site to do?

Client-Side Protection (CSP) helps protect against end-user data exfiltration, shields websites from JavaScript threats, blocks bad scripts, and supports multiple content security policies. It also provides actionable insights in a single dashboard view and delivers alerts to mitigate harmful script activity.

Using a layered approach at the edge, Edgio's new CSP continuously monitors client-side scripts and APIs so that sensitive customer data is not compromised in events like XSS attacks, clickjacking, formjacking and Magecart attacks like the one that affected Ticketmaster. Teams can easily manage which scripts are authorized to run, by page, while complying with the new version (4.0) of the PCI DSS by next year.

According to Verizon’s 2023 Data Breach Investigations Report, an estimated 18% of retail breaches are attributed to Magecart attacks.

Edgio CSP becomes even more formidable with the support of Web Application and API Protection (WAAP), a platform that protects web assets from a wide range of critical threats – from DDoS and malicious code injection to API and bot attacks – all on the edge. With WAAP, you get defense-in-depth against multi-vector attacks from a single, intuitive console, for greater observability across all apps and less overhead.

Client-Side Protection gives you everything you need for secure, high-performing apps.

Edgio Protect and Perform Application bundles provide everything you need to build, secure and deliver high-performing apps with predictable, flat-fee pricing and no overage charges. Plus, industry-leading Managed Security Services are included in Application bundles, offering teams a white-glove, 24/7 service that prepares you for evolving attacks and continuously enhances your security posture.

Edgio is committed to keeping pace with the evolving landscape of technology, staying on top of what our customers need no matter where it takes us…and that includes being on the right side of protection!