Having a safe and secured website; and creating a trust for your guest is extremely important especially when you have a booking engine.
Consumers have been warned for years about the potential danger of compromised payment card readers. Now, a recently uncovered threat called formjacking is basically doing the same thing, only it is happening when you enter your payment details on a website. By inserting malicious code into the site, cyber thieves can swoop in and steal your card number, security code, zip code, and much more.
Why you should avoid using iframe formjacking
Websites having Iframes can cause the above threat. Here are four main reasons why we strongly suggest not to use booking engines with an iframe:
1. Security Risks
Iframes bring security risks and the site becomes vulnerable to cross-site attacks. This vulnerability is called formjacking. Formjacking is a term we use to describe the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites. You may get a submittable malicious web form, phishing your users’ personal data.
2. Usability Issues
The iframe tag is notorious for creating usability annoyances. Often it tends to break the browsers’ “Back” button or confuses visually impaired visitors, using screen readers Or suddenly opening the iframe content in a new browser window.
3. Iframes Cause SEO Problems
SEO these days plays a very crucial role in getting you visible out there on search engines. However, having iframes on your website/booking engine may affect your search engine optimisation. Google also recommends refraining from creating iframes. Iframes can cause problems for search engines because they don’t correspond to the conceptual model of the web.
4. Stealing Personal Detail Threat
As a property, you would not want any of your guests to complain of having their personal details stolen. Having a secured website and booking engine creates trust. Iframes often cause hackers to collect information, such as payment card details and the user’s name and address.
How to rectify it?
Simply contact your web developer to remove the iframe code or apply a direct booking engine link to open in a new tab.
We strongly advise you to stay away from using the iframe tags, as STAAH takes security seriously and helping clients get rid of any form of risk is our job to notify them.
STAAH Clients
STAAH will no longer be supporting websites with iframes from 13th May 2019 onwards. We suggest all our clients stop using iframe tags.
For any further queries or maintaining domain branding, feel free to contact support@staah.com