SkimShield

About

SkimShield detects formjacking (web skimming) attacks targeting your payment card data in real time — the kind used in the Magecart breaches that hit British Airways, Ticketmaster, and thousands of online stores.

HOW IT WORKS
When you enter payment details on a checkout page, SkimShield monitors outgoing network requests. If a suspicious script tries to send your card number, CVV, or expiry date to an unknown external server, SkimShield alerts you immediately — and lets you block that domain with one click.

WHAT IT MONITORS
• fetch() and XMLHttpRequest calls
• sendBeacon requests (commonly abused by skimmers)
• Image.src requests (skimmers encode stolen data in image URLs)
• WebSocket connections
• localStorage staging patterns
• Dynamically injected scripts and hidden iframes

SMART HEURISTIC ENGINE
SkimShield uses a multi-signal heuristic engine — not simple keyword matching. It correlates timing, payload content, destination domain, and DOM manipulation patterns to minimize false alarms. 220 recognized domains — including 110+ trusted payment gateways (Stripe, PayPal, Toss Payments, and others), analytics services, and monitoring tools — are pre-classified so legitimate traffic is never flagged.

ADJUSTABLE ALERT LEVEL
• Level 1 (Minimal): Only confirmed dangerous requests
• Level 2 (Default): Dangerous + strong attack signals
• Level 3 (Maximum): All suspicious activity

100% LOCAL — ZERO DATA COLLECTION
All analysis runs entirely in your browser. SkimShield never sends your browsing data, form inputs, or any personal information to any server. There is no account, no sign-up, and no telemetry.

OPEN & TRANSPARENT
SkimShield is built on open web standards (Chrome Manifest V3). No obfuscated code. No hidden behavior.