PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. This article is part of the “What’s New in PCI-DSS v4.0” series, in which we explore what has changed in the move to version 4, with version 3.2.1 to be retired as of 31 March 2024. Read the other articles here:
- What’s New in PCI-DSS v4.0: HTTP Header Tamper Detection
- What’s New in PCI-DSS v4.0: Supply Chain Inventory of Software
- What’s New in PCI-DSS v4.0: SSL Cert Monitoring

A new clause (6.4.3.) has been added under Requirement 6: Develop and Maintain Secure Systems and Software:

6.4.3. All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows:
- A method is implemented to confirm that each script is authorized.
- A method is implemented to assure the integrity of each script.
- An inventory of all scripts is maintained with written justification as to why each is necessary.

WebOrion will be adding capabilities to check for these new requirements in PCI-DSS version 4. If this is something you are interested in, please contact us at firstname.lastname@example.org