THREATVIEW & PCI DSS

SIMPLIFYING SECURITY AND COMPLIANCE FOR ECOMMERCE WEBSITES

Secure your eCommerce with ThreatView, the ultimate solution for PCI DSS compliance. Our advanced solutions simplify the process and protect your business from cyber threats. Ensure your website stays secure and adheres to the latest PCI DSS v4.0 requirements with ease. Manage risks, detect malware, and safeguard your customer data effectively. ThreatView provides unparalleled support for PCI DSS compliance, empowering you to focus on growing your business. Experience peace of mind knowing your eCommerce platform is secure and compliant.

SIMPLIFYING SECURITY AND PCI DSS v4 COMPLIANCE FOR ECOMMERCE WEBSITES

We take care of PCI Reqs 5, 6.4.3, 11.6.1 AND 11.5.2 (and support 3) for eCommerce merchants

ABOUT THE NEW PCI DSS v4.0 REQUIREMENTS FOR ECOMMERCE MERCHANTS 

eCommerce skimming or “Magecart” attacks have become the most prevalent attack method used by criminals to steal payment card data. While some eCommerce platforms have been targeted more than others, all eCommerce companies are considered at risk.

To mitigate this risk, the PCI Security Standards Council released a new version of the PCI DSS (version 4), which contains 2 new requirements to detect and prevent eCommerce skimming attacks:

  • Requirement 6.4.3 - Payment Page Script Inventory and Integrity

  • Requirement 11.6.1 - HTTP Header Monitoring

REQUIREMENT 6.4.3

Payment Page Script Inventory and Integrity

 

This requirement is designed to ensure that all JavaScript on the payment pages of an eCommerce website is necessary, approved by the merchant and included in an actively maintained inventory.

Additionally, the merchant is required to ensure that the scripts have not been tampered with.

We support PCI 6.4.3 in all versions of ThreatView, including our free Community Edition.

REQUIREMENT 11.6.1

HTTP Header Monitoring. 

This requires a tamper-detection mechanism that alerts on unauthorized modifications to payment pages or HTTP headers.

We support PCI 11.6.1 in all versions of ThreatView, including our free Community Edition.

EXISTING AND CHALLENGING PCI DSS REQUIREMENTS FOR ECOMMERCE MERCHANTS

In addition to the newly introduced requirements above, there are a few other critically important requirements for eCommerce merchants:

REQUIREMENT 11.5.2

File Change Detection - the foundation for detecting and mitigating threats.

 

Also known in the industry as File Integrity Monitoring (FIM).

 

This requirement is designed to alert the merchant to unauthorized modification (including changes, additions, and deletions) of critical files within their website.

ThreatView Advanced provides the only eCommerce FIM solution fully integrated with the industry's leading threat detection capability. ThreatView tracks every change made to the site, checking for malicious or high-risk code.

File Change Monitoring is fundamental to ThreatView and a critical tool for rapid incident response.

This gives website managers the ability to quickly identify malicious changes, roll them back, or remove introduced malware in seconds.

ThreatView Advanced: eCommerce File Integrity Monitoring (FIM). PCI 11.5.2.

REQUIREMENT 5 - PROTECT SYSTEMS FROM MALWARE

ThreatView provides market-leading malware detection specifically for eCommerce websites.

With ThreatView Advanced Edition deployed, an eCommerce site can meet the intent of PCI DSS Requirement 5 to have an anti-malware solution monitoring the website filesystem and database.

REQUIREMENT 3 - PROTECT STORED ACCOUNT DATA

ThreatView supports PCI Requirement 3 by conducting regular scans for unprotected payment card data.

Unprotected payment card data can be an indication of a configuration/setting error, or potentially malicious activity within the website.

FORENSIC EXPERIENCE AND PCI DSS

More than a decade of forensic investigations has made it clear to us that eCommerce merchants find it challenging to adhere to some of the more technically demanding PCI DSS requirements, especially the requirements outlined above.

 

However, by having these security controls in place, the eCommerce website will be significantly more adept at handling threats and preventing expensive and challenging data loss scenarios.

RISK AND COMPLIANCE WITH THREATVIEW

While the new requirements are mandatory after 31 March 2025, ThreatView Advanced is able to assist eCommerce merchants with an "out-of-the-box" solution that addresses the new requirements and the aforementioned more challenging requirements, and provides the most comprehensive eCommerce threat detection - backed by our breach protection warranty - RIGHT NOW.

ThreatView combines extensive experience in digital forensics with advanced threat detection and mitigation capabilities to protect eCommerce websites AND simplify PCI DSS Compliance. 
