Digital Skimming 2026 Q2 in Review

Register Now!

PCI-PPO-Statement

July 15th at 2:00 PM ET

Learn how e-commerce security teams can defeat stealthy digital skimming campaigns that bypass static defenses and hide inside your trusted tools.

Are your traditional security controls missing hidden browser threats? Attackers are now stealing payment data directly from the shopper's browser before it ever reaches your secure web servers. Static defenses are no longer enough.

Modern eSkimming campaigns are successfully bypassing Content Security Policy (CSP) and WAFs by hiding inside the trusted services you already use, like Google Tag Manager, Google Analytics 4, and Firebase.

What You'll Learn:

  • The abuse of trusted cloud infrastructure: See how attackers use Google Tag Manager to orchestrate payload delivery and exfiltrate data through Google Firestore, Braintree, and GA4 telemetry.
  • Clever CSP bypass techniques: Learn how hackers exploit forgotten 400 error pages, reuse valid CSP nonces, and utilize WebRTC to silently stream stolen data without triggering traditional alarms.
  • Adaptive fake checkouts: Discover campaigns that fingerprint your merchant architecture and deploy convincing, localized fake payment overlays to steal card data.
  • A shift in the customer journey: Understand why protecting the final payment page is not enough, as attackers now use hidden SVG elements to intercept clicks earlier on product and cart pages.
  • Achieving PCI DSS 4.0.1 compliance: Learn how to meet requirements 6.4.3 and 11.6.1 by implementing behavior-based script monitoring at the point of input.

Save your seat and equip your team with the insights needed to protect your customers and secure your digital storefront today.