What’s New in PCI-DSS v4.0: Payment Page Javascript Monitoring
PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. This article is part of a series of articles under the “What’s New in PCI-DSS v4.0” series where we explore what has changed in PCI-DSS moving to version 4, with version 3.2.1. to be retired as of 31 March 2024. Read the other articles here:
- What’s New in PCI-DSS v4.0: HTTP Header Tamper Detection
- What’s New in PCI-DSS v4.0: Supply Chain Inventory of Software
- What’s New in PCI-DSS v4.0: SSL Cert Monitoring
A new clause (6.4.3.) has been added under Requirement 6: Develop and Maintain Secure Systems and Software:
6.4.3. All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows:
- A method is implemented to confirm that each script is authorized.
- A method is implemented to assure the integrity of each script.
- An inventory of all scripts is maintained with written justification as to why each is necessary.
This means that all payment page JavaScript codes that are loaded and executed on the client-side must be managed and inventoried, to ensure the security, authority, and integrity of the JavaScript codes. Beyond compliance, monitoring JavaScript codes is important for your business because of the following reasons:
- Protects Against Payment Fraud – Payment fraud is a major concern for online merchants, and attackers often use malicious JavaScript code to steal credit card information or redirect users to fraudulent websites. By monitoring JavaScript code on payment pages, online merchants can detect and respond to potential attacks quickly, minimizing the impact of any fraudulent activity.
- Maintains Customer Trust – A security breach that compromises customer payment information can have serious consequences for a merchant’s reputation and bottom line. By proactively monitoring JavaScript code on payment pages, online merchants can demonstrate their commitment to security and safeguard their customers’ sensitive data, which can help maintain customer trust and loyalty.
- Enables Rapid Response to Security Threats – As new types of security threats emerge, online merchants must be able to respond quickly and effectively to mitigate the risk of data breaches. By monitoring JavaScript code on payment pages, online merchants can detect potential security threats in real-time, allowing them to take immediate action to prevent or contain security incidents.
Overall, payment page JavaScript monitoring is a critical component of online payment security, and it is a welcome addition to PCI-DSS v4.0.
WebOrion will be adding capabilities to check for these new requirements in PCI-DSS version 4. If this is something you are interested in, please contact us at sales@weborion.io