Only 13% are Confident They Understand What Information Tags Collect
A global report published today by Jscrambler, the pioneering platform for client-side protection, and conducted by Dimensional Research, outlines the risks and exposure created by third-party JavaScript tags. While businesses understand that third-party tags collect information, only 13% are confident they understand what information they collect and only 26% are aware that tags leaked their private user data to other organizations. Full details are available in the report “The Perils of Third-Party Tags: Examining the Client-Side Security Risks and Compliance Challenges of JavaScript.”
Also Read:Â An Evolutionary Approach to Artificial Intelligence
“Today, virtually all websites use JavaScript to seamlessly integrate third-party services and transform their online operations by leveraging analytics, user tracking, payments, social media, communications, support chat functions and chatbots, performance measurement, and more,” said Rui Ribeiro, CEO and co-founder, Jscrambler. “But this adoption comes at a price. Most businesses have no idea what information these tags are collecting and what highly sensitive customer data may be being leaked. Companies must invest in client-side protection and compliance solutions to continue benefiting from these tags while protecting user data from being collected, skimmed, or leaked by third parties.”
Key Findings of the report include:
Third-Party Tags Collect Sensitive Information, Creating Significant Compliance and Security Risks
Nearly every respondent (97%) indicates that they know that third-party tags collect sensitive or private information regularly. Additionally, 49% admit that in the previous 12 months, these tags collected data they were not supposed to, including site traffic, website form data, login, order, social media information, customer account details, and more. And it doesn’t stop with data collection – 26% of respondents realize sensitive data has been leaked to another organization.
The Case of Google Tag Manager
Google Tag Manager (GTM) may present the best illustration of the value of tag usage while also highlighting users’ limited understanding of the potential risks involved. According to the research, while more than 90% of respondents are familiar with GTM, only 33% recognize that teams can autonomously add more third-party tags and code without additional authorization, creating major compliance and security risks. Slightly more encouraging is that 47% confirm that GTM creates privacy and compliance risks.
Digital Skimming Prevention and Tag Audits are Crucial as March Compliance Deadlines Draw Closer          Â
As compliance implications for third-party vendor tag use become more pronounced, it is promising that 61% of respondents state that a tool that prevents digital skimming is key to achieving PCI DSS compliance. This is especially important regarding PCI DSS requirements 6.4.3 and 11.6.1, designed to prevent digital skimming attacks on websites that capture payment card data. The deadline to comply with these two requirements is March 31, 2025.
What’s encouraging is that 57% of respondents audit third-party tags to ensure data collection authorization and compliance. Gaining control over the behavior and data consumption of third-party tags is instrumental in helping organizations comply with various standards, regulations, and laws, including PCI DSS, DORA, GDPR, and HIPAA.
Also Read:Â How Understanding Customer Needs Fuels Product Success
Critical Need for Client-Side Protection
Although data protection policies require strict enforcement and scalability, only 36% of respondents’ companies have policies and tools to prevent data skimming. For example, one-quarter of respondents cannot ensure that sensitive data in their company’s chatbot is not shared with another third party.
When it comes to addressing the issue, 68% of respondents agree that a client-side protection and compliance solution should be deployed to protect user data from being collected, skimmed, or leaked by third parties. Furthermore, an overwhelming 97% indicate that a client-side protection and compliance solution would be valuable to their company. This consensus highlights the critical need for enhanced client-side protection measures.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]