What: Third-party JavaScript tags pose significant security and compliance risks to retailers, with only 13% of companies fully understanding what data these tags collect.

Why it is important: As digital commerce reaches record levels and payment fraud escalates, retailers must urgently address the security vulnerabilities created by third-party tags to protect customer data and maintain compliance.

The retail industry's increasing reliance on third-party JavaScript tags presents a significant security challenge, with 86% of companies using these tools for essential functions like analytics, payments, and customer service. Despite their widespread use, only 13% of organisations are extremely confident about understanding exactly what information these tags collect. This knowledge gap is particularly concerning as 97% of respondents acknowledge that these tags regularly collect sensitive data, including payment information and personal details. The risk is amplified by the fact that 49% of companies admit their tags have collected unauthorised data, while just 36% have implemented policies and tools to prevent data skimming. With the approaching PCI DSS v4 compliance deadline in March 2025, retailers face increased pressure to secure their digital infrastructure and protect customer data. The challenge is particularly acute for e-commerce operations, where sophisticated malware and digital skimming attacks target payment processes through compromised third-party code.

IADS Notes: Recent developments in retail security and digital commerce highlight the critical importance of third-party tag management. In January 2025, a sophisticated card skimming malware targeting WordPress checkout pages demonstrated the evolving threats retailers face, with Stripe blocking nearly 21 million fraudulent transactions worth USD 917 million during a single weekend in December 2024. The challenge of securing customer data has become more complex, as evidenced by November 2024 research showing 75% of consumers now base purchasing decisions on how companies handle personal data. With mobile transactions accounting for 70% of global sales and retailers processing an unprecedented volume of digital payments, the need for robust third-party tag security has never been more critical.

The perils of third-party tags