Jscrambler Unveils Iframe Integrity to Help PSPs Protect Merchants from Costly Payment Card Skimming Attacks

PORTO, Portugal

Jscrambler, a pioneer in client-side protection, today announced the launch of Iframe Integrity, a new innovative solution that helps payment service providers (PSPs) deliver instant PCI DSS v4-compliant payment iframes to merchants. With Iframe Integrity, PSPs protect merchants from costly script-based attacks while ensuring eligibility with the new Self-Assessment Questionnaire A (SAQ A) and FAQ 1588 updates.

PSPs offer easy-to-integrate, cost-effective payment solutions that allow merchants to securely process transactions without the need for merchants to invest in complex infrastructure. Often operating with limited technical and financial resources, many merchants rely on PSPs to handle everything from payment gateway integration to fraud prevention, as well as compliance with PCI DSS v4 and payment page requirements 6.4.3 and 11.6.1.

Powered by Jscrambler's market-leading technology, including Code Integrity and Webpage Integrity, this new offering allows PSPs to deliver PCI DSS v4-compliant payment iframes to merchants and meet the new eligibility criterion included in the recent SAQ A and FAQ 1588 updates. These updates require merchants to confirm that their third-party service provider/payment processor’s solution includes techniques that protect the merchant’s payment page from script-based attacks such as digital skimming. 

Despite the rise in script-based attacks, many businesses remain exposed. According to the 2024 Jscrambler research, only 36% of businesses have policies and tools in place to prevent digital skimming. By working with PSPs that are using Iframe Integrity and are aligned with SAQ A, merchants can demonstrate their commitment to securing their customers’ data.

“Online merchants rely on PSPs to deliver the latest payment capabilities that secure transactions while helping to enhance the overall customer experience,” said Rui Ribeiro, CEO and Co-founder of Jscrambler. “With Iframe Integrity, we eliminate complex configurations, maintenance, and operational burdens, making it fast and easy for payment processors and PSPs to deliver PCI DSS compliance and security at scale. As a result, they can reduce risk, open new revenue streams, and maintain a seamless, optimized experience that their merchants can trust by providing instant, robust protection for every transaction without disruption.”

Interested PSPs simply integrate Iframe Integrity into their existing script build process, instantaneously creating a controlled and secure iframe environment for loading payment pages and ensuring transactions remain protected from threats. Hardened with Jscrambler’s integrity technology, the iframe is continuously monitored and safeguarded against overlay, hijacking, and formjacking attacks targeting payment pages. Unlike traditional security solutions, Iframe Integrity is fully automated and completely transparent, requiring minimum maintenance from PSPs and zero management from merchants.

Main Iframe Integrity features include: 

• PSP Script Hardening: Protects against reverse engineering and automated threats with PSP script tamper-resistance.

• Function Hijacking Protection: Applies monkey-patching protection in privileged functions (on the parent page).

• Iframe Hijacking Protection: Prevents iframe hijacking attacks by isolating Document Object Model (DOM) methods used to tamper with iframe creation processes (on the parent page).

• Iframe Overlay Protection: Prevents iframe hijacking attacks by isolating DOM methods used to create new iframes or tampering with existing (on the parent page).

• Form Overlay Protection: Prevents iframe hijacking attacks by isolating DOM methods used to create new forms or tampering with existing (on the parent page).

• Iframe & Form Control: Provides fine-grained control over how iframes and forms can be used by scripts (on the parent page).

Jscrambler Iframe Integrity is available now. Learn more about how Jscrambler can help PSPs ensure merchant compliance with PCI DSS v4 and ultimately protect their businesses from growing script-based attacks. In addition, read the latest blog from Chief Technology Officer Pedro Fortuna, Introducing Iframe Integrity: Redefining Payment Page Security for PSPs.

About Jscrambler

Jscrambler is the leader in Client-Side Protection and Compliance. Jscrambler is the first to merge advanced polymorphic JavaScript obfuscation with fine-grained third-party tag protection in a unified Client-Side Protection and Compliance Platform.

Jscrambler’s integrated solution ensures a robust defense against current and emerging client-side cyber threats, data leaks, misconfigurations, and IP theft, empowering software development and digital teams to innovate securely online with JavaScript. Jscrambler’s Code Integrity product safeguards first-party JavaScript through state-of-the-art obfuscation and exclusive runtime protection. Jscrambler’s Webpage Integrity product mitigates threats and risks posed by third-party tags, all while ensuring compliance with the new version 4 of PCI DSS. Jscrambler’s Iframe Integrity empowers PSPs to deliver seamless protection and PCI DSS compliance and SAQ A eligibility to merchants.

With Jscrambler, businesses adopt a unified, future-proof client-side security policy, all while achieving compliance with emerging security standards.  Jscrambler serves a diverse range of customers, including top Fortune 500 companies, online retailers, airlines, healthcare, media outlets, and financial services firms whose success depends on safely engaging with their customers online.