Make PCI-DSS 4.0.1 Compliance Easy
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance data security for payment card accounts.
Here are their basic requirements:
All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows:
- A method is implemented to confirm that each script is authorized.
- A method is implemented to assure the integrity of each script.
- An inventory of all scripts is maintained with written business or technical justification as to why each is necessary
A change- and tamper-detection mechanism is deployed as follows:
- To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the security- impacting HTTP headers and the script contents of payment pages as received by the consumer browser.
- The mechanism is configured to evaluate the received HTTP headers and payment pages.
- The mechanism functions are performed at least weekly or periodically at the frequency defined in the targeted risk analysis.
meet these requirements.
How Feroot stops incidents before they start
“Feroot helped our team gain outside-in visibility into the security of the customer experience making our platform even more secure.”
Book a Demo and find out how to
easily automate PCI-DSS compliance.
Give us 15 minutes and we’ll show you.
1.
Start Free Assessment
Get your website analyzed to know what security threats you face.
2.
Review Results & Action Plan
See results on a live video call where we’ll share insights and recommendations.
3.
Launch & Get Protected
Experience the power and protection of the Feroot web platform. Our team sets it up without you having to do anything.
FREE DOWNLOAD:
How to Automate Compliance with
Requirements 6.4.3 and 11.6
By following this guide, you will be able to automate the reporting, protection, monitoring, and response mechanisms for your payment pages.