1. Docs
  2. PCI DSS Library
  3. 11.6.1 - Page Integrity

11.6.1 - Page Integrity

Safeguarding Against Sophisticated Web Skimming

Web skimming attacks have evolved beyond merely capturing credit card data from payment fields. Modern attackers now employ more advanced tactics, such as fake form attacks, where a fraudulent payment form is presented to the user to steal their credit card information before the legitimate form even appears.

To combat these sophisticated threats, it’s crucial to ensure the integrity of your entire payment page. Under PCI DSS 4.0.1, the Page Integrity (11.6.1) requirement requires a holistic approach, involving monitoring all resources loaded on the page, the legitimacy of displayed forms, and the verification of HTTP headers sent by the server. A robust system should continuously monitor these elements and provide prompt alerts to site owners. This way, they can swiftly detect and address unauthorized changes, ensuring that potential threats are identified and mitigated before they can skim customer card data from the payment page.

PCI DSS 4.0.1 - Requirement 11.6.1 - Page Integrity
PCI DSS 4.0.1 - Requirement 11.6.1 - Page Integrity

By browsing this website, you agree to the Terms of Service and Privacy Policy