SIMPLIFYING SECURITY AND PCI DSS v4.0 COMPLIANCE FOR ECOMMERCE WEBSITES
The eCommerce sector is the most targeted sector by cyber criminals in the payment industry
ABOUT THE NEW PCI DSS v4.0 REQUIREMENTS FOR ECOMMERCE MERCHANTS
eCommerce skimming or “Magecart” attacks have become the most prevalent attack method used by criminals to steal payment card data. While some eCommerce platforms have been targeted more than others, all eCommerce companies are considered at risk.
To mitigate this risk, the PCI Security Standards Council released a new version of the PCI DSS (version 4.0), which contains 2 new requirements to detect and prevent eCommerce skimming attacks:
- Requirement 6.4.3 - Payment Page Script Inventory and Integrity
- Requirement 11.6.1 - HTTP Header Monitoring
REQUIREMENT 6.4.3
Payment Page Script Inventory and Integrity
This requirement is designed to ensure that every script loaded on the payment pages of an eCommerce website is necessary, is approved by the merchant, and is included in an actively maintained inventory that records why each script is needed.
Additionally, the merchant is required to verify that the scripts have not been tampered with.
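As an added illustration of what a 6.4.3 control has to do (example code written for this page, not ThreatView's product or the Council's guidance), the Python below keeps an approved-script inventory with the hash recorded at approval time, parses a constructed payment page, and reports scripts that are unauthorized, cannot be verified, or whose served content no longer matches the approved version. All URLs, script bodies and inventory entries are constructed sample values.

```python
import base64
import hashlib
import re

def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Subresource Integrity style digest string: '<algo>-<base64 digest>'."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, body).digest()).decode()}"

# Constructed known-good script bodies, recorded when the merchant approved them.
CHECKOUT_JS = b"document.getElementById('pan').addEventListener('blur', validatePan);"
INLINE_INIT = b"window.checkoutConfig = {currency: 'EUR'};"

# Constructed inventory: external scripts keyed by URL, inline blocks keyed by
# content hash; each entry carries the justification and the approved hash.
INVENTORY = {
    "https://shop.example.test/js/checkout.js": {"why": "card form validation", "sri": sri_hash(CHECKOUT_JS)},
    "inline:" + sri_hash(INLINE_INIT): {"why": "checkout config", "sri": sri_hash(INLINE_INIT)},
}

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)

def audit_payment_page(html: str, served: dict, inventory: dict) -> list:
    """Compare the scripts present on a payment page against the inventory.
    `served` maps external script URL -> bytes as fetched by the monitor.
    Returns (finding, identifier) pairs in page order."""
    findings = []
    for attrs, inline_body in SCRIPT_RE.findall(html):
        src_match = SRC_RE.search(attrs)
        if src_match:
            src = src_match.group(1)
            if src not in inventory:
                findings.append(("UNAUTHORIZED", src))  # never approved by the merchant
            elif src not in served:
                findings.append(("UNAVAILABLE", src))   # integrity cannot be verified
            elif sri_hash(served[src]) != inventory[src]["sri"]:
                findings.append(("TAMPERED", src))      # content changed since approval
        else:
            key = "inline:" + sri_hash(inline_body.strip().encode())
            if key not in inventory:                    # new or altered inline script
                findings.append(("UNAUTHORIZED", key))
    return findings

# Constructed payment page: an extra third-party script has appeared, and the
# served copy of checkout.js differs from the approved version.
PAYMENT_PAGE = """<script src="https://shop.example.test/js/checkout.js"></script>
<script>window.checkoutConfig = {currency: 'EUR'};</script>
<script src="https://cdn.example.test/lib/metrics.js"></script>"""
SERVED = {"https://shop.example.test/js/checkout.js": CHECKOUT_JS + b"\nwindow.__patched = true;"}
```

Running `audit_payment_page(PAYMENT_PAGE, SERVED, INVENTORY)` flags checkout.js as TAMPERED and metrics.js as UNAUTHORIZED while the approved inline block passes; an inline script that is edited simply stops matching its inventory hash and is reported as unauthorized.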
REQUIREMENT 11.6.1 - AVAILABLE SOON
HTTP Header Monitoring.
This requires a tamper-detection mechanism that alerts on unauthorized modifications to payment pages or to the HTTP headers received by the consumer's browser.
EXISTING AND CHALLENGING PCI DSS REQUIREMENTS FOR ECOMMERCE MERCHANTS
In addition to the newly introduced requirements above, there are a few other critically important requirements for eCommerce merchants:
REQUIREMENT 10.2.1 - AVAILABLE SOON
Web Access and Error Log collection, correlation and analysis.
An important security control for detecting anomalies and for conducting rapid investigations in breach situations.
REQUIREMENT 10.5.1 - AVAILABLE SOON
Retain audit log history for at least 12 months, with at least the most recent three months immediately available for analysis.
REQUIREMENT 11.5.2
File Change Detection
Also known in the industry as File Integrity Monitoring (FIM).
This requirement is designed to alert the merchant to unauthorized modification (including changes, additions, and deletions) of critical files within their website.
FORENSIC EXPERIENCE AND PCI DSS
Through our experience gained over more than a decade of forensic investigations, it is clear that eCommerce merchants find it challenging to adhere to some of the more technically challenging PCI DSS requirements, especially the requirements outlined above.
However, by having these security controls in place, the eCommerce website will be significantly more adept at handling threats and preventing expensive and challenging data loss scenarios.
ThreatView combines extensive experience in digital forensics with advanced threat detection and mitigation capabilities to protect eCommerce websites AND simplify PCI DSS Compliance.
RISK AND COMPLIANCE WITH THREATVIEW
While the new requirements become mandatory after 31 March 2025, ThreatView Advanced is able to assist eCommerce merchants with an "out-of-the-box" solution that addresses the new requirements and the aforementioned more challenging requirements, and provides the most comprehensive eCommerce threat detection - backed by our breach protection warranty - RIGHT NOW.