
PCI DSS Requirement 11.6.1

The new PCI DSS v4 standard requires e-commerce companies to employ measures to protect the payment pages on their websites against JavaScript skimming attacks.

The Payment Card Industry (PCI) Data Security Standard (DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect payment account data.

The next evolution of the standard is PCI DSS v4, which became mandatory on 1st April 2024 and includes new technical requirements that need to be implemented by 1st April 2025.

There are two requirements, 6.4.3 and 11.6.1, designed to protect payment pages of websites that capture payment card data.

Detect 


A change- and tamper-detection mechanism is deployed as follows:

  • To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the HTTP headers and the contents of payment pages as received by the consumer browser.

  • The mechanism is configured to evaluate the received HTTP header and payment page.


The mechanism functions are performed as follows:

  • At least once every seven days, OR

  • Periodically.
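The comparison this requirement describes, as an added Python example (not part of the standard text and not Jscrambler's product code): it reduces a received response to its watched HTTP headers and script inventory, then reports changes, additions and deletions against an approved baseline. The watched header list, the function names and the sample data are assumptions constructed for illustration; external scripts are tracked by URL only, inline scripts by SHA-256 digest.

```python
import hashlib
from html.parser import HTMLParser
WATCHED_HEADERS = ("content-security-policy", "strict-transport-security", "x-frame-options")  # assumed selection

class ScriptInventory(HTMLParser):
    """Collects external script URLs and SHA-256 digests of inline scripts."""
    def __init__(self):
        super().__init__()
        self.items, self._inline = set(), None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._inline = None if src else []
            if src:
                self.items.add("src:" + src)
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip().encode()
            self.items.add("inline:sha256:" + hashlib.sha256(body).hexdigest())
            self._inline = None

def snapshot(headers, html):
    """Reduce one received response to the state that is compared over time."""
    inv = ScriptInventory()
    inv.feed(html)
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    return {"headers": {h: lowered.get(h) for h in WATCHED_HEADERS}, "scripts": inv.items}

def diff(baseline, current):
    """Return alert strings for header and script changes, additions and deletions."""
    alerts = []
    for name, old in baseline["headers"].items():
        new = current["headers"].get(name)
        if new != old:
            kind = "added" if old is None else "removed" if new is None else "changed"
            alerts.append(f"header {name}: {kind}")
    alerts += [f"script added: {s}" for s in sorted(current["scripts"] - baseline["scripts"])]
    alerts += [f"script removed: {s}" for s in sorted(baseline["scripts"] - current["scripts"])]
    return alerts

# Constructed sample data: an approved baseline and a later response with two deviations.
BASE_HEADERS = {"Content-Security-Policy": "script-src 'self'", "Strict-Transport-Security": "max-age=31536000"}
BASE_HTML = '<html><script src="/js/checkout.js"></script><script>initForm();</script></html>'
SEEN_HEADERS = {"Strict-Transport-Security": "max-age=31536000"}
SEEN_HTML = BASE_HTML.replace("</html>", '<script src="https://cdn.example/a.js"></script></html>')
print(diff(snapshot(BASE_HEADERS, BASE_HTML), snapshot(SEEN_HEADERS, SEEN_HTML)))
```

A modified inline script appears as one "added" and one "removed" entry, because its digest changes.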

How Jscrambler can help you

Prevent client-side attacks with Jscrambler’s security platform
