We've all heard of credit card skimmers installed at ATMs and gas stations that steal credit cards from oblivious customers but what happens when attackers target online commerce websites? In this talk, we shall explore an always persistent threat to e-commerce websites known as web skimming. More and more e-commerce websites (British Airways, Newegg, Macy's, etc) have been compromised by web skimming attacks which resulted in attackers successfully stealing millions of credit cards by leveraging a variety of innovative attack vectors from phishing campaigns to injecting scripts through compromised domains. We shall take a look at several such attacks and web skimmer tools like Magecart's Inter and Pipka, and discuss security best practices for hardening e-com sites and protecting your shoppers and your reputation.