Category Archives: Trends

2019 sports industry game-changers

Pete Giorgio

Pete Giorgio, principle with Deloitte Consulting LLP, leads Deloitte’s US Sports practice

Sports trends expected to disrupt and dominate

Like most other industries, sports are being disrupted by technology advancements and cultural changes. How can sports executives capitalize on these industry changes in 2019? Our annual report explores eight trends that could redefine the sports industry in the year ahead.

 

Our starting lineup for 2019

2018 was an exciting year for sports. France beat out Croatia in a goal-filled match to win the World Cup. Simone Biles took home six medals at the world championship. The Red Sox won their fourth World Series title in 15 years. And the Capitals took home the Stanley Cup for the first time in team history.

Off the field, we’ve seen athletes grow as spokespeople for causes, front offices overhauled to bring in even more analytical rigor, and streaming media options grow in prominence. What trends will we be scouting this year? Our 2019 sports industry outlook covers eight trends to watch:

 

sports and digital icons

Athletes as content creators

Gone are the days of sports fans needing reporters to get news about their favorite players. Over the past few years, athletes are increasingly becoming content creators in their own right—be it through Instagram, Twitter, or long-form stories on websites like The Players’ Tribune.

While the athlete’s role as an individual content creator serves as a small complement to traditional media, this trend—buoyed by stars who were raised in the digital age—could become even more impactful and important in the coming years. This platform will enable further expansion and value of personal brands while also opening the door for the next generation of athletes to build their brands before they become household names.

————–

“The fewer barriers there are between athletes and fans, the more commercial opportunities that will materialize. The value in having fans relate to their favorite players is immeasurable.”

Brian Finkel, Deloitte Sports Research, Deloitte & Touche LLP

————–

 

virtual reality headset

Augmented and virtual reality

As technology advances, the challenge of keeping fans constantly engaged has become more and more difficult. Any lull in the game leads to fans diverting their attention to their phones and consuming content from other venues.

However, the growing integration of augmented and virtual reality is transforming the customer experience by giving fans the opportunity to get “closer” to athletes while having a single platform to access a wealth of data. While there are still some kinks that need to be worked out, this is a time where prioritization of customer experience is at an all-time high.

————–

“VR brings the best of the stadium into the home, while AR brings the best of home into the stadium.”

Allan Cook, digital reality leader, managing director, Deloitte Consulting LLP

————–

 

football plays on a chalkboard

The offensive revolution

Few ideas are as widely accepted among sports fans and players as the old adage that offense sells tickets, but defense wins games. As we watch shootout after shootout across professional sports, during the regular season and the playoffs, analysts are beginning to wonder whether times have officially changed.

While viewership numbers are up, purists question whether such a focus on offense has impacted the integrity of the games they love. This presents teams with a tough decision to make: Do they keep investing in offense and hope that’s enough? Or do they consider strategic defensive investments that will enable them to play a different game to compete in both the arena and in the market?

————–

“While increasing offense intends to sell more tickets, leagues will have to balance offense with maintaining the value of defensive skill and the historical backdrop of their sport.”

Lee Teller, specialist leader, Deloitte Consulting LLP

————–

 

sports betting app

Sports betting trends

What happens in Vegas no longer needs to stay in Vegas. With states now free to choose whether to legalize sports betting or not, many key stakeholders see opportunities to monetize, while others raise concerns about the impact legalized gambling could have on the integrity of the game, and federal and state governments consider their roles and legislative next steps.

Not only will betting impact the relationship between leagues, gambling institutions, data providers, and the government, it’s already changing the way fans can interact with games. The NBA recently announced an offering that allows fans to stream the fourth quarter of a game for $1.99. While convenient for the busy fan who is only able to watch part of a game, this is particularly notable for gamblers staking bets on real-time game lines who want to watch critical moments in the games they bet on.

————–

“September 2018 marked the first month of online sports betting dominance in New Jersey. With results from recent months, this trend has and will continue to be the dominant theme for the foreseeable future.”

Jamie Poster, manager, Deloitte & Touche LLP

————–

 

bubble map of sports icons

Tackling mental health

The past few years have seen an increasing number of high-profile athletes, storied franchises, and top programs publicly address a topic that affects both MVPs and weekend warriors: mental health. Many stars have offered a glimpse behind the curtain of endorsements and champion podiums into lives affected by symptoms of depression, anxiety, and other mental health conditions.

With one in four people worldwide affected by mental or neurological disorders during their lives, the notion that handsomely paid and highly visible athletes are willing to shed light on a topic historically burdened with a negative stigma is both a positive movement and refreshingly relatable. With each athlete that comes forward, it becomes increasingly apparent that the sports world’s investment in mental wellness is only just the beginning.

————–

“Mental health is more than a hot-button societal issue, it has the opportunity to become a key long-term competitive advantage for the teams and countries that effectively engage, support, and work with their athletes.”

Ramya Murali, senior manager, Deloitte Consulting LLP

————–

 

soccer players and goalie

European soccer reaches America

Every two years, soccer’s popularity in America spikes as fervor surrounding the World Cup spreads throughout the nation. However, recent polling points not just to cyclical interest but long-term, sustained growth. Soccer is now the second-most-played youth sport in America and more Americans between the ages of 18 and 34 name soccer as their favorite sport over baseball.

European nations have taken note of this rise and are seeking to capitalize. The English Premier League inked a deal with NBC Sports in 2015 reportedly worth a billion dollars to stream its games to American households. And investments extend to human capital as well: European clubs are increasingly looking to young Americans to fill their rosters.

————–

“The US market provides a massive marketing, financing, and talent opportunity for European soccer—from traditional powerhouses to lower division teams looking to regain relevancy.”

Sam Ebb, senior consultant, Deloitte Consulting LLP

————–

 

phone and video game controller icon

eSports

With the vast audiences drawn to eSports and the increasing direct ties to professional leagues, we’ve seen players, executives, and owners jumping into the arena as team owners and avid gamers, as well as a way to continue to connect with teammates and fans off the court. As leagues look to continue building and expanding their fan bases, their eSports presence will be a major part of those interactions.

Over the coming year, we expect teams and leagues will continue to embrace eSports as a part of the existing major sports leagues, including efforts to integrate eSports opportunities into the existing sports experience, from eSports lounges in Topgolf facilities to an eSports arena in the Real Madrid’s new stadium.

————–

“The eSports landscape continues to stabilize around the maturation of teams and leagues and increasing sponsor engagement.”

Kat Harwood, senior manager, Deloitte Consulting LLP

————–

 

bar graph and pie chart

Personalizing fan engagement

While organizations have always collected data from season ticket holders, fan loyalty programs, and other fan engagement sources, many teams house this data in disparate databases and siloed customer-relationship management systems. These organizations, though, are starting to think about the fan holistically, requiring a centralization of these touchpoints into a single source of truth that can drive deeper, more personalized fan engagement—inside and outside of the stadium.

As sports teams and leagues build on and incorporate the successes of the e-commerce revolution, they’ll be able to connect all dots of a single fan’s journey, helping to sell additional tickets while also driving personalized connections and experiences that can increase the lifetime value of fans. Over the next year, we believe organizations will adapt their marketing functions to leverage fan data and become even more nimble and automated.

————–

“A key question for teams remains who is in each seat, but more importantly, focus is shifting to who engages with the brand inside and outside the venue?”

Chad Deweese, manager, Deloitte Consulting LLP

————–

________________________________________________________________________________________________

Download the full report to learn more

 

Take a look back at previous years’ reports:

2018 sports industry trends

2017 sports industry trends

2016 sports industry trends​

 

Let’s talk sports industry trends

We believe these topics are going to impact the business of sports, both on and off the field, over the next 12 months. But invariably new stories, trends, and themes will emerge that further disrupt the industry, derail the game plan for executives, and delight us as sports fans. Please tweet #DeloitteSports to share the sports trends or opportunities that are on your mind in 2019.

football field

Get in touch

Pete Giorgio

Pete Giorgio
US Leader | Sports

pgiorgio@deloitte.com

Pete, a principal with Deloitte Consulting LLP, leads Deloitte’s US Sports practice, serving multiple sports clients including the United States Golf Association, NBA, United States Tennis Association… more

Delivery robots are poised to invade our cities, but are we ready for them?


Photo credit: FedEx

John R. Quain

John R. Quain, Contributor to Digital Trends @jqontech Posted on 04.14.19 – 1:00AM PST

 

Gaggles of delivery R2D2’s scurrying down suburban streets? It sounds like a technological nightmare worse than an e-scooter infestation. But the concept of robot messengers got a major boost recently when FedEx announced plans to start testing such a service this summer, and for smart cities, it may not be such a crazy idea after all.

There are already several pilot robo-delivery projects running in the U.S.

Nuro, for example, recently announced it’s moving on from Arizona and expanding its delivery partnership with grocery giant Kroger to four Houston zip codes. Nuro’s vehicle is more of autonomous compact car than a rolling robot, but so far people seem happy to pay the roughly $6 for the self-driving silver surfer (probably because they don’t have to tip the car).

Nuro Delivery Robot
Nuro

The 7,000-pound gorilla in retail, Amazon, is reportedly testing a sidewalk-crawling delivery bot in Seattle. The project looks like a more practical service for suburbs — especially compared to drones, which are restricted or outright banned in many urban areas.

Most recently, FedEx has announced that it plans to begin testing its own autonomous delivery robot in Memphis, Tennessee. And while there are other delivery bot tests underway in addition to the ones mentioned, the entrance by the preeminent delivery service in the U.S. into the self-driving space represents something of a milestone.

Hitting the streets sidewalks

FedEx isn’t talking about autonomous vans and trucks — at least not yet. And the challenges facing even mainly on-the-sidewalk robots are legion. Weather, uneven terrain, traffic, poor cellular network coverage, and humans behaving badly are just a few of the headaches facing programmers. However, FedEx’s partners and its own delivery infrastructure imply that it may be uniquely positioned to overcome those obstacles.


The delivery bots, for example, are designed in partnership with Dean Kamen’s DEKA Development & Research Corp. Kamen is best known for developing the Segway and the iBot Personal Mobility Device, a wheelchair that can climb stairs. The latter demonstrates that DEKA’s engineering skills will probably be able to help FedEx surmount some of the navigation issues for door-to-door delivery. Indeed, the fully electric FedEx SameDay Bot is based on the iBot, with some additional technology that makes it autonomous, including lidar, radar, and video cameras to assist in navigation.

According to Kamen, the SameDay bot can run at about 10 miles per hour, “which won’t disturb pedestrians.” Kamen made the remarks during a presentation to announce the new partnership. The inventor said the SameDay Bot’s speed limiter means it won’t cause the kinds of problems associated with cyclists and messengers who hop onto sidewalks — but it will still be able to handle round trips of up to eight miles relatively quickly.

The road ahead

FedEx plans to work with retailers including AutoZone, Lowe’s, Pizza Hut, Target, Walgreens, and Walmart to perform, as its robot’s name implies, same-day door-to-door deliveries. Customers can open the bot using a smartphone app, or have it opened by a remote operator. Those operators will also control the bots should the machines encounter situations they don’t recognize.

robot delivery dog ces 2019 continental pp cube robodogs
Continental’s delivery robot concept

“It’s a way they could take on Amazon,” Gary Goralnick, a shopping center developer, told Digital Trends regarding self-driving technology. Goralnick said integrating online ordering and same-day delivery, for example, has helped brick and mortar retailers turn the corner and compete against Internet-only outlets.

Still, others note that such self-driving solutions beg for an infrastructure solution.

“You have to redesign the city before you layer in the technology,” Duncan Davidson, a technology investor with Bullpen Capital, told Digital Trends. Davidson pointed to examples such as e-scooters causing problems in Los Angeles and Uber cars causing additional congestion in New York City as ways in which technology can wreak havoc in cities — unless it’s supported by the right infrastructure changes.

None of these robo-delivery services will work unless consumers embrace the concept

Autonomous cars and delivery vehicles, for example, may need their own dedicated lanes. Making such changes could improve safety and help reduce traffic. And there are many ways in which same-day delivery in underserved areas could help home-bound individuals who suffer from chronic illnesses or other restrictions that prevent them from getting outside.

Indeed, Hyundai has a program called Elevate to develop an autonomous vehicle that can navigate rough terrain and even climb stairs to reach customers. And Dean Kamen’s iBot was originally designed to help people such as disabled veterans get around on their own. (The partnership with FedEx should help make the iBots more affordable for those who need them, according to Kamen.)

Ultimately, none of these robo-delivery services will work unless consumers embrace the concept. As long as they steer clear of scary robots, like Boston Dynamics’ headless Spot Mini, and focus on friendly delivery devices that look like R2D2, it may just work out.

________________________________________________________________________________________________

Digital-Native Retailers Are Giving Physical Stores a Radical Makeover


Photograph by Thomas Barwick

By Flavio Palaci, Ramy Sedra, and Anand Rao all from PwC  January 18, 2019

Online brands are opening brick-and-mortar shops, using technology and data-driven customer insights to transform the in-store experience.

 

On Black Friday in 2018, online spending in the U.S. leapt 24 percent from the previous year. By contrast, in-store sales fell by 7 percent and footfall was down 9 percent. These numbers might give the impression that brick-and-mortar stores are losing relevance with consumers, but several successful online-only retailers are actually opening physical shops — and traditional brands can learn from them by looking at why and how they’re doing it.

There are many reasons for online-first retailers to add an offline presence. For one thing, physical retail still accounts for about 85 percent of global business-to-consumer commerce. And although digital retail is growing, so is in-store retail. PwC’s 2019 Global Consumer Insights Study — to be released soon — shows that 24 percent of consumers regularly used mobile to shop in 2018, compared with 11 percent in 2014, and 49 percent regularly shopped in a physical store in 2018, versus 36 percent in 2014. Stores allow consumers to experience and engage with a brand, its products, and its culture. Buying in a store is also sometimes faster and more convenient than online shopping. And new technologies enable retailers to gather insights from in-store video and audio data in ways that have never before been possible. Finally, physical stores provide online retailers with local distribution centers for their products.

Digital natives apply their pioneering spirit to the physical world, using their inherent data-led knowledge of customer behavior and their comfort with technology to rethink and remake the experience shoppers have in their stores. And they’re showing the way forward for some of the savviest older retailers and brands. Here are some of the lessons bricks-first retailers are picking up from their digital-first peers.

Create a frictionless store. Online retailers have to focus on user experience and customer journeys to succeed. Shoppers are easily distracted from an online purchase by the ping of an arriving email or a flurry of social media likes. Each click away from the page could cause them to ditch their carts, so e-commerce strives to be as frictionless and engaging as possible.

And now, some online retailers are applying the same thinking to physical stores. Amazon Go grocery stores, for example, have resolved a major pain point: the checkout. Instead of paying traditionally, customers scan their Amazon Go app as they enter, their purchases are recorded by sensors throughout the store that are supported by artificial intelligence (AI) and radio-frequency identification (RFID), and their accounts are automatically charged when they leave.

Amazon is considering placing Go stores in the lobbies of office buildings and in airports. This fits with a growing trend for “microtrip” shopping, or short trips that take less than five minutes. According to PwC’s study, one-quarter of consumers make trips like these once or more per day.

Another point of friction for customers is not knowing whether the items they need will be in stock at a physical store. Canadian online fashion retailer Ssense has solved this problem. Its shoppers can browse 20,000 products online, and the ones they’d like to try on are then shipped from warehouse to store within an hour.

Use data to add a personal touch. Digital-native retailers are data-centric, and as a result have been able to disrupt brick-and-mortar shopping by being better at predicting customer needs and wants. In some cases, their insights reveal that customers want to see and use products in real life.

Online mattress retailer Casper announced last summer that it would open 200 stores across the U.S., after finding that sales grew more quickly in areas where it had operated temporary stores. A physical presence in a busy location can be a powerful marketing tool, too. Casper CEO Philip Krim told the Wall Street Journal the company’s stores make the brand visible, which is helpful because acquiring customers online has become more competitive and expensive.

Traditional retailers are also using data to get to know their customers better. Nike, for example, has spent a decade building its NikePlus membership program. It now has data not only on its members’ tastes in clothes and shoes but also on their exercise habits. It uses that data to curate stock at its Nike Live concept store in Los Angeles, and to offer personalized advice to ensure members have the best kit for their fitness goals.

The lessons from the Nike Live store have been used at the company’s New York flagship, where the “Speed Shop” department stocks merchandise based on online sales in the store’s postal code. And getting back to the frictionless experiences mentioned earlier, customers can also reserve the shoes they want using the Nike app and then collect them from an in-store locker, opened by the same app. They can pay for the merchandise in the app, too.

________________________________________________________________________________________________

“Data and technology are the connective tissue underlying the creation of rich, informative in-store experiences.”

________________________________________________________________________________________________

Stores are also using data on customers’ physical locations to enhance experiences. For instance, Nordstrom has experimented with a customer-tracking app that notifies staff as each person arrives, arming the sales team in advance with information about that shopper’s buying habits. For some people, this is delightful and convenient, but for others it’s intrusive and unwelcome, so data analytics is helping companies determine which customers are which, too. Of course, for these location- and habit-tracking features to work, people will have to trust retailers with their personal information — and that will be a big hurdle to overcome.

Make shopping fun. Personalization can help turn offline retail into a rich experience that consumers will seek out. And technology can enable even more ways to make shopping entertaining.

For example, French beauty brand Sephora is using augmented reality to allow customers to test makeup virtually. London fashion store Missguided’s expansion offline involved creating a flagship store inspired by a TV studio, with huge screens that stream customer-generated social media content.

The New York City location of fashion retailer Rebecca Minkoff has interactive mirrors in the dressing rooms so customers can order a different color or size with a few taps. They can also customize the lighting so it matches the environment in which they will wear the outfit.

Track different things better. Retailers have traditionally measured success by sales per square foot, and based on that formula, numerous chains have closed branches because of diminishing results. But now that people no longer have to rely on stores as the sole way to access products, this gauge of productivity looks dated.

Last year, Adobe Labs showed off new technology for tracking shoppers through a store in real time, drawing information from in-store beacons, smart shopping carts, Internet of Things sensors, and a mobile app. This technology would allow retailers to direct offers to customers about certain products even as they’re looking at them.

As these various examples show, data and technology are the connective tissue underlying the creation of rich, informative in-store experiences. Digital natives already know the value of understanding and using these tools, and it’s time for brick-and-mortar retailers to catch up. Using already-available digital approaches to capture the rich stream of information on consumers’ in-store and online behavior will turn traditional companies into data-driven organizations with an obsessive customer focus.

 

Author Profiles:

Flavio Palaci is PwC’s global advisory data and analytics leader. Based in Sydney, he is a partner with PwC Australia.

Ramy Sedra is PwC Canada’s data and analytics consulting leader. Based in Montreal, he is a partner with PwC Canada.

Anand Rao is PwC’s global and U.S. artificial intelligence leader and U.S. data and analytics leader. Based in Boston, he is a principal with PwC US.

________________________________________________________________________________________________

Related Stories

The Hot New Thing in Dockless Electric Scooters: Docks


If you love me, you’d dock your scooter properly. Courtesy of Swiftmile

 

Laura Bliss
Laura Bliss, Staff Writer at CityLab (Transportation and Technology)   Mar 13, 2019

Cities are desperate to tame the sidewalk chaos of the e-scooter industry. One startup offers a solar-powered parking solution.

 

To understand the promise and peril of dockless scooters, look at Austin, Texas. This week, at least 9,000 of the zippy rentables are scattered on the capital city’s streets during this year’s South by Southwest festival. Nine different operators are vending cheap car-free transportation for the roughly 200,000 festivalgoers that have descended upon the city.That might be great in theory, but mixed with big crowds, car traffic, a general lack of bike lanes, and a ton of free booze, the reality is cluttered sidewalks, tripping pedestrians, and some brutal scooter crashes.Austin, in other words, is experiencing a Class 5 scoot-nado—a particularly intense variation on the shared-mobility disruption that cities nationwide have seen over the last two years. Which is why there’s a growing demand to bring scooter-sharing back to its roots, at least partly: Cities want docks for the dockless.“We’ve all seen the problems associated with these things,” Colin Roche, the co-founder and CEO of Swiftmile, told me as he packed up his company’s booth at the National Shared Mobility Summit in Chicago last week. “But we also know the promise. In high-impact areas, they need to bring some order to the chaos.”
Swiftmile makes parking stations for e-scooters and bikes in support of what it calls a “semi-dockless” operating model. Their docks can pack in up to 24 Birds, Limes, Spins, and Skips in a space the size of a standard parking spot, using individual holsters equipped with anti-theft locks. More than glorified bike racks, the stations also use solar power to charge scooters while they’re tethered. They accommodate virtually all scooter models, and can gather data about vehicle use and condition.The idea isn’t necessarily to bring all dockless scooters in from the wild. In high-scooting cities, Roche thinks the sweet spot is making parking available for about 25 percent of the total fleet, especially in areas with heavy foot traffic where sidewalk space is limited and vehicles tend to get carelessly dumped. With the rest roaming untethered, providers can still reap what are seen as the economic advantages of a dockless system, Roche explained: When rentables are freed from their expensive docking infrastructure, companies can invest in the volume and scale that may be needed to grow ridership. For the sake of comparison, docked bikesharing programs generally cost about $4,000 to $5,000 per bike; electric scooters retail for between $100 and $500.

               Lyft shows off its low-fi docking solution in Arlington, Virginia. (Andrew Small/CityLab)

Roche also maintains that Swiftmile’s charging docks mean vehicles can spend more time in use and require less human labor and resources to get recharged. An analysis by Quartz recently estimated that scooters in Louisville have a lifespan of just 28 days, and that Bird, the largest scooter company in the field, loses $293 per vehicle in the Kentucky metro. “The companies spend 50 percent of their operating costs on getting these things charged,” Roche said. Though he didn’t offer numbers, Swiftmile’s website explains that the pricing model is based per charge, and is designed for savings.

Other brains in the business are starting to advocate for more of a semi-dockless model, too. Kyle Rowe, the head of government partnerships at Spin, said he expects to see more dockless-scooter docks emerge in the congested corridors of the country’s scooter capitals, with the majority of the vehicles still ranging freely in residential areas. And Caroline Samponaro, the head of bike, scooter, and pedestrian policy at Lyft, believes that docks should be available for entire fleets of shared scooters and bikes. “What a dock does is mimic that idea of a public transit station,” she said. “It creates a predictable way for people to engage with this mode.”

Lyft, which owns Motivate, the country’s largest docked bikeshare operator, also rents dockless scooters in several cities, and is demoing its own parking racks outside a barbershop at SXSW and at the National Bike Summit in Washington, D.C., this week. Lyft’s racks don’t offer charging, and aren’t formally deployed in any city yet. But they create an opportunity for Lyft to talk about the benefits with interested parties, Samponaro said.

They also offer a way to address the safety concerns and injury lawsuits that have beset the nascent industry. The Washington Post reported this week that an 87-year-old woman in Santa Monica is considering suing Lyft after suffering a fall over a wayward scooter lying in the sidewalk. Some cities, including Santa Monica, Seattle, and Austin, have already tried other ways to contain the devices, such as spray-painted sidewalk “bird cages” and coned-off street “corrals.”

It’s too soon to say if such cosmetic interventions are quantifiably helping with safety and clutter, but anecdotally, at least, “they’re not hurting,” said Francie Stefan, Santa Monica’s acting chief mobility officer. “It’s helpful to have some sense of order and give people an idea of where the devices belong.”

Not everyone believes that the future of shared mobility involves re-embracing the dock. A parking and charging station might sound simple enough to install, Stefan said, but the devil may be in the details: Can solar batteries hold enough charge to keep scooters in action? Who will pay for the electrical bills if not, once the stations are wired into the street?And others believe that additional costs of adding all these smart charging docks will make the already-dodgy road to profitability for the scooter industry even more challenging to negotiate. “Docks look pretty, but they’re really costly and hard to adapt,” said Dawn Goodyear, a community engagement specialist for the dockless mobility startup VeoRide. “The ridership won’t be there if we go back the way we came.”
________________________________________________________________________________________________

About the Author

Laura Bliss

Laura Bliss  @mslaurabliss  Feed

Laura Bliss is a staff writer at CityLab, covering transportation and technology. She also authors MapLab, a biweekly newsletter about maps (subscribe here). Her work has appeared in the New York Times, The Atlantic, Los Angeles magazine, and beyond.

 

New Formjacking Technique Used to Skim Payment Details Off Websites

Conor Reynolds, News Reporter at Computer Business Review – 10th December 2018

“In recent months, we have seen a major uptick in formjacking attacks against high-profile websites across the globe”

 

Researchers at cybersecurity company Symantec have identified a new formjacking campaign targeting a French ecommerce site that is prominently featured in global shopping aggregator listings.

Over 30 online retail websites from all over the world were redirecting traffic to the compromised site.

Formjacking is a term used to describe the injection of JavaScript code into the payment section of a website. This code then skims the payment details of unaware customers sending it onto to threat actors to abuse.

The online-store in Paris was injected with a formjacking script which collects the payment information entered onto the website and then sends it to the domain google-analyitics.org; a “typo-squatted” version of the genuine url google-analytics.com.

Another piece of injected code on the same web page looks for the presence of debugging tools, such as Firebug, to thwart security researchers analysing the malicious script; a trend security researchers have increasingly noticed.

See also: Magecart’s 7 Groups: Hackers Dropping Counter-Intelligence Code in JavaScript Skimmers

Siddhesh Chandrayan Threat Analysis Engineer at Symantec wrote: “This latest formjacking campaign highlights the fact that attackers are continuously altering and improving their malicious code and exploring new delivery mechanisms to infect more users.”

Symantec researchers say they have identified more than one million formjacking attempts on over 10,000 websites in the last three months alone.

Formjacking

Symantec told Computer Business Review that the scammers had also hacked other ecommerce websites to redirect visitors to the compromised site.

He believes that the Paris site was selected as a target because it is listed in several shopping aggregators.

Formjacking

Traditionally attackers have targeted retail websites through the software provided by third-parties, as these often contain the weak link in the security chain.

Last summer it was disclosed that Ticketmaster was the subject to a serious cyberattack in which threat actors made off with the payment details of over 40,00 UK customers. A chat-bot designed by third-party supplier Inbenta was identified as the source of the vulnerability.

A report from cybersecurity enterprise RiskIQ identified Magecart tactics and script in the attack, which saw a massive credit card skimming operation that affected over 800 e-commerce websites.

In their report RiskIQ noted that: “Magecart actors breached their systems (Ticketmaster) and, in separate instances, either added to or completely replaced a custom JavaScript module Ibenta made for Ticketmaster with their digital skimmer code.”

See Also: The Ticketmaster Hack is Worse Than First Thought

Unfortunately one of the key factors in formjacking or script payment skimming attacks is that retailers and customers may not be aware that their website and details are compromised. Websites and payment forms operate as normal if the attackers have done their job right.

One way enterprise can protect themselves is to test any new software updates in small test environments. Doing so gives you a chance to spot any unusual behaviour in the script.Software distributors who supplier major retailers with products should have monitoring systems in place that detect any changes in their code or in the updating process itself. Symantec is currently working with the websites involved in this new formjacking attack and so they have not named the websites affected.

« Older Entries