Third-party JavaScript tags put security at risk
While businesses understand that third-party JavaScript tags collect information, only 13 percent are confident they understand what information they collect and only 26 percent are aware that tags can leak their private user data to other organizations.
A new report from the Jscrambler platform for client-side protection, with research conducted by Dimensional Research, shows 97 percent of respondents say they know that third-party tags collect sensitive or private information regularly.
In addition, 49 percent admit that in the previous 12 months, these tags collected data they were not supposed to, including site traffic, website form data, login, order, social media information, customer account details, and more.
"Today, virtually all websites use JavaScript to seamlessly integrate third-party services and transform their online operations by leveraging analytics, user tracking, payments, social media, communications, support chat functions and chatbots, performance measurement, and more," says Rui Ribeiro, CEO and co-founder of Jscrambler. "But this adoption comes at a price. Most businesses have no idea what information these tags are collecting and what highly sensitive customer data may be being leaked. Companies must invest in client-side protection and compliance solutions to continue benefiting from these tags while protecting user data from being collected, skimmed, or leaked by third parties."
Google Tag Manager (GTM) offers a good illustration of the value of tag usage while also highlighting users' limited understanding of the potential risks involved. According to the research, while more than 90 percent of respondents are familiar with GTM, only 33 percent recognize that teams can autonomously add more third-party tags and code without additional authorization, creating major compliance and security risks. Slightly more encouraging is that 47 percent confirm that GTM creates privacy and compliance risks.
There is growing recognition of the problem, 57 percent of respondents say they audit third-party tags to ensure data collection authorization and compliance. Also 61 percent say that a tool that prevents digital skimming is key to achieving PCI DSS compliance.
You can get the full report from the Jscrambler site.
Image credit: denrud/depositphotos.com