It wasn't before the attacker inserted themselves, but now it is and there's a credit card form for a seemingly legitimate service on your site.