Attacks that compromise websites with scripts that steal payment card data from checkout pages have increased to hundreds of thousands of attempts in little over a month.
The most publicized incidents resulting from these attacks are from cybercriminal campaigns known as Magecart, with one group apparently being responsible for compromising the websites of Ticketmaster, British Airways, Feedify, and Newegg.
Magecart campaigns consist of breaching websites and injecting a malicious script that loads on payment pages to collect the card details provided by users at checkout. The data is packaged and sent to a domain controlled by the attacker. This form of theft is also known as formjacking, payment card scraping or web-based skimming.
Read more here