Consumers have been warned for years about the potential danger of compromised payment card readers. Whether in a store, at a gas pump, or even an ATM, a thief simply has to tamper with the keypad and card reader a little bit, install a micro-thin skimming device, then gather up your card information.

Now, a recently uncovered threat called formjacking is basically doing the same thing, only it is happening when you enter your payment details on a website. By inserting malicious code into the site, cyberthieves can swoop in and steal your card number, security code, zip code, and much more.

According to security software developer Symantec, “The number of instances of formjacking blocked by Symantec more than doubled, jumping from just over 41,000 to almost 88,500—a percentage increase of 117 percent.” The company estimates it blocks nearly 7,000 formjacking attempts every day.

This might sound like a problem that only affects less secure websites, but those are not the sites thieves are going after. Formjacking targets large e-commerce companies, and websites like Ticketmaster have been victims. By gaining access and injecting the harmful code into a website payment page or form, the hackers steal your information without you realizing it and without you ever leaving the trustworthy site you visited. Hackers can gain access to these trustworthy sites through supply chain attacks or by going through a third-party integration like payments, analytics or chat. If a widely used third-party integration is compromised by hackers, multiple websites could be at risk from just one infiltration.

That means consumers have to protect themselves from an invisible threat. Fortunately, a comprehensive security suite can often include additional features like suspicious URL blockers which keep you from landing on unsafe websites as well as payment card protections. With options out there to meet every budget—from free to car payment-sized—you can certainly find a solution that offers you greater protection and still fits your finances. If your card information is stolen, you can find out about it immediately by launching “card not present” transaction alerts from your financial institution.

On the other side of the web, it’s up to businesses to ensure they are not putting their customers at risk. It’s important to fully vet any third-party provider that connects to your company’s website, no matter what kind of service they offer. Companies should also ensure they are taking proactive steps to prevent these attacks and perform regular security checks.
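One form the "regular security checks" above can take, as an added example that is not from ITRC or Symantec: list every script a payment page loads from another host and flag those without a Subresource Integrity hash. The page URL, hostnames and HTML are constructed, and using SRI as the control is an assumption not stated in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag on a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr = {k.lower(): (v or "") for k, v in attrs}
            if attr.get("src"):
                self.scripts.append(attr)

def audit_third_party_scripts(page_url, html):
    """Return one finding per script loaded from a host other than the page's own."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attr in collector.scripts:
        src = urljoin(page_url, attr["src"].strip())  # resolves relative and //host URLs
        host = urlparse(src).hostname
        if host is None or host == page_host:
            continue  # first-party script, out of scope for this check
        has_sri = attr.get("integrity", "").startswith(("sha256-", "sha384-", "sha512-"))
        findings.append({"host": host, "src": src, "pinned": has_sri})
    return findings

# Constructed sample checkout page (hostnames are placeholders, not real providers).
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><body>
<form action="/pay"><input name="card"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://chat.vendor.example/widget.js"></script>
<script src="//cdn.analytics.example/a.js" integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script>console.log("inline, first-party")</script>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_third_party_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        status = "integrity-pinned" if f["pinned"] else "UNPINNED: vendor can change this code at will"
        print(f'{f["host"]:28} {status}')
```

Vendor scripts that change with every release cannot be hash-pinned, so the unpinned entries in the output are the integrations that most need the vetting described above.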

Symantec is a proud financial sponsor of the Identity Theft Resource Center.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Standing in long lines, waiting to get into your favorite singer’s concert could soon be a thing of the past.

Ticketmaster has announced a new wave of technology that is already being tested at certain venues in limited markets. Now, instead of handing over your ticket or scanning your phone’s screen at a concert, sensors can capture a peek at your face and compare it to your stored facial parameters. Just smile and wave as you breeze through the turnstile, right?

However, the process, which takes less than a second, is far from foolproof. Developed in conjunction with Blink Identity—a company that has developed this technology for military applications in the Middle East—Ticketmaster’s use of this kind of tool has already got security experts scratching their heads. What happens to your stored facial data? Who else can use it? How is it being protected?

More importantly, if Ticketmaster can use a nanosecond glimpse of your face to identify you in a crowd, then who else can do it, and how will it be used?

There are some less obvious concerns than the futuristic “what if” of using this technology for mass surveillance. First, there’s very little in the way of legislation concerning this kind of recognition and tracking, at least in the U.S. Only three states—Illinois, Texas, and Washington—have laws to protect the public from the unauthorized use of their faces or other biometric markers like iris scans or fingerprints and there are no federal laws in place at this time.

Another key issue is understanding who may already have this data and who can access it as a third party to that company. Facebook, for example, rolled out facial recognition quite some time ago based on photographs that users uploaded and tagged with names. Any company that is entitled to use Facebook’s stored data could potentially use facial images and accompanying usernames. Currently, a class-action lawsuit over this practice is still underway.

Self-incrimination is another chief concern among advocates for stricter control over facial recognition. If merely walking down a street means surveillance cameras can spot you and put you near the scene of a crime at the correct time of day, the burden of proving the case shifts from investigators proving that you’re guilty to you having to prove you’re not.

Finally, a new report by The Independent demonstrates that facial recognition as a crime-fighting tool was ineffective in 98 percent of the cases. These findings, culled from freedom of information requests, show that only two out of 104 alerts from facial recognition on public surveillance cameras in the U.K. were correct.

As new technologies are developed and implemented, it’s important that lawmakers work to keep up with the potential uses—and abuses—of the innovation. While legal precedents remain, it will be up to consumers to determine for themselves what level of biometric use will make them comfortable.
