There is a great deal of interest and focus on the new PCI requirements coming into force this month for eCommerce merchants:
And quite rightly so as these controls will help merchants to better identify and address malicious activity on their website.

In fact, requirement 6.4.3 - Checkout Script Monitoring - when combined with a detailed threat perspective (as we have from our forensic lineage), will quickly identify malicious scripts and enable the merchant to protect their customer data. It would help to solve the majority of the problems that we've identified on over 30,000 eCommerce sites this last month with digital skimmers and loaders focused on stealing payment card data (and the supporting customer PII).
However, one of the key requirements overlooked in the hype building around these newly introduced requirements is 11.5.2 File Change Monitoring.
Arguably, when combined with a market-leading threat detection capability, understanding the other changes made by the intruder at the time of introducing malware can SIGNIFICANTLY accelerate containment and resolution of the intrusion.
In our experience, this control - 11.5.2 - is rarely, if ever, found on hacked sites when we help their owners regain control of their site.
Why not?
It is challenging to implement and run.
Very few in the eCommerce industry seem to have the skills to implement effective change monitoring AND combine it with threat detection. Disparate systems, and a limited skills base for using them, mean that effective file change monitoring is rarely implemented or maintained.
Yet, it is one of THE MOST USEFUL controls for quickly responding to an incident.
In ThreatView Advanced, when we detect the introduction of malware into a client website, the first thing we/our clients do is quarantine the malware.
The second thing we/our clients do is go to the file change events in ThreatView to see what other changes/files were introduced when the criminal dropped the malware onto the site. We search for what other changes may have been made so that we can quickly "undo" the damage.
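The triage step described above, as an added example (not ThreatView's code): a minimal hash baseline for a web root, a diff against it, and a filter for other changes made close in time to the detected file. The file names, contents, timestamps and the 600-second window are constructed assumptions.

```python
import hashlib, os, tempfile
from pathlib import Path

def snapshot(root):
    """Map relative path -> (sha256, mtime) for every file under root."""
    snap = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            snap[p.relative_to(root).as_posix()] = (digest, p.stat().st_mtime)
    return snap

def diff(baseline, current):
    """Return change events (kind, path, mtime) for added, modified and deleted files."""
    events = []
    for path, (digest, mtime) in current.items():
        if path not in baseline:
            events.append(("added", path, mtime))
        elif baseline[path][0] != digest:
            events.append(("modified", path, mtime))
    for path in baseline.keys() - current.keys():
        events.append(("deleted", path, None))  # no mtime left to correlate on
    return sorted(events, key=lambda e: e[1])

def related_changes(events, malware_path, window_s=600):
    """Other changes whose mtime lies within window_s of the detected file's mtime."""
    anchor = next(m for _, p, m in events if p == malware_path)
    return [e for e in events if e[1] != malware_path
            and e[2] is not None and abs(e[2] - anchor) <= window_s]

def demo():
    """Constructed web root: take a baseline, then simulate a dropped file plus edits."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "js").mkdir()
        (r / "index.php").write_text("<?php echo 'shop'; ?>")
        (r / "js/checkout.js").write_text("submitOrder();")
        (r / "README.txt").write_text("v1")
        baseline = snapshot(r)
        t = 1_700_000_000  # constructed time of the simulated intrusion
        (r / "js/loader.js").write_text("/* constructed stand-in for detected malware */")
        (r / "js/checkout.js").write_text("submitOrder(); /* tampered */")
        (r / "README.txt").write_text("v2")  # unrelated edit made a day earlier
        os.utime(r / "js/loader.js", (t, t))
        os.utime(r / "js/checkout.js", (t + 45, t + 45))
        os.utime(r / "README.txt", (t - 86400, t - 86400))
        events = diff(baseline, snapshot(r))
        return events, related_changes(events, "js/loader.js")
```

Modification times can be altered by an intruder, so the hash diff is the authoritative list of changes and the time window is only a way to prioritise it.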
Now, it seems the industry is excitedly talking about solutions for 6.4.3 and 11.6.1, but without combining the solutions with excellent malware detection, the industry is simply creating more "noise" for the merchants to try to manage - and let's be frank - most of them are not cyber aware, nor do they have endless capacity to deal with "noise". In fact, more noise often results in "alert fatigue" and the stagnation of a solution.
So in the hype around these requirements, let's not lose sight of the huge benefit that they can bring WHEN COMBINED with market-leading threat detection and threat intelligence (i.e. what the latest malware looks like, how it behaves, etc.).
Chasing tick-box compliance with simple script monitoring solutions may be alluring from a marketing and revenue perspective, but will it improve the outcomes for the ecosystem?
With over 20 years working in the PCI space (yes from before the PCI DSS was formed), we've seen many cases of tick-box compliance approaches being sold to a merchant portfolio, with little to no positive effect on the ecosystem. In fact, the situation in the eCommerce sector is getting worse.
Our eCommerce ThreatScape Report shows this - the number of hacked sites has grown from ~8,000 in early 2024 to ~30,000 in early 2025. Yes, our capability to detect is constantly evolving and improving, but the sheer growth in hacked sites shows that the most vulnerable in the industry need real security solutions.
With ThreatView, we provide support for 6.4.3 (and soon to support 11.6.1) in our free Community and Secure ($18/month) tiers - BUT the difference is we combine this with some of the industry's best threat intelligence, so our clients/users are able to quickly see the threat through the noise that script monitoring can generate.
With our ThreatView Advanced tier, which is currently priced at $59/month, we provide:
Our philosophy is simple: We focus on Security and PCI Compliance is a result.
We provide a free service and are happy to support a try-before-you-buy for our paid-for tiers. Get in touch with our support team via your free ThreatView account for more information.
eCommerce businesses are facing a rapidly growing threat, targeting their payment data. This has been documented in our ThreatScape Reports over the years - and the most telling number for us is the total number of hacked sites we detect each time we conduct a global scan for threats across our portfolio - this morning's result reported over 48,000 sites detected with malware.