11.6.1 - Page Integrity
Safeguarding Against Sophisticated Web Skimming
Web skimming attacks have evolved beyond merely capturing credit card data from payment fields. Modern attackers now employ more advanced tactics, such as fake form attacks, where a fraudulent payment form is presented to the user to steal their credit card information before the legitimate form even appears.
To combat these sophisticated threats, it’s crucial to ensure the integrity of your entire payment page. Under PCI DSS 4.0.1, the Page Integrity requirement (11.6.1) calls for a holistic approach: monitoring all resources loaded on the page, verifying the legitimacy of displayed forms, and verifying the HTTP headers sent by the server. A robust system should continuously monitor these elements and promptly alert site owners, so they can detect and address unauthorized changes before an attacker can skim customer card data from the payment page.
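The comparison such a monitor performs can be sketched as follows. This is an added example, not code from this documentation or any product: the snapshot shape, the function names, the watched-header list and the `.example` URLs are all assumptions chosen for illustration.

```javascript
// Added example: compare a payment-page snapshot with an approved baseline.
const { createHash } = require('crypto');
// Assumption: the headers this monitor treats as security-impacting.
const WATCHED_HEADERS = ['content-security-policy', 'strict-transport-security', 'x-frame-options'];
const sha256 = (text) => createHash('sha256').update(text).digest('hex');

// Reduce a snapshot {headers, scripts: [{src, body}], forms: [{action}]} to comparable values.
function fingerprint(snapshot) {
  const headers = {};
  for (const [name, value] of Object.entries(snapshot.headers)) {
    const key = name.toLowerCase(); // header names are case-insensitive
    if (WATCHED_HEADERS.includes(key)) headers[key] = value.trim();
  }
  const scripts = {};
  for (const s of snapshot.scripts) scripts[s.src || `inline:${sha256(s.body)}`] = sha256(s.body);
  const formOrigins = {};
  for (const f of snapshot.forms) formOrigins[new URL(f.action).origin] = 'present';
  return { headers, scripts, formOrigins };
}

// Record every key that was removed, added, or whose value changed.
function diffMap(kind, before, after, alerts) {
  for (const key of new Set([...Object.keys(before), ...Object.keys(after)])) {
    if (!(key in after)) alerts.push(`${kind} removed: ${key}`);
    else if (!(key in before)) alerts.push(`${kind} added: ${key}`);
    else if (before[key] !== after[key]) alerts.push(`${kind} changed: ${key}`);
  }
}

function detectChanges(baseline, observed) {
  const b = fingerprint(baseline), o = fingerprint(observed), alerts = [];
  diffMap('header', b.headers, o.headers, alerts);
  diffMap('script', b.scripts, o.scripts, alerts);
  diffMap('form target', b.formOrigins, o.formOrigins, alerts);
  return alerts.sort();
}

// Constructed sample data (not from any real site).
const baseline = {
  headers: { 'Content-Security-Policy': "script-src 'self'", 'Strict-Transport-Security': 'max-age=63072000' },
  scripts: [{ src: 'https://shop.example/js/checkout.js', body: 'initCheckout();' }],
  forms: [{ action: 'https://pay.example/charge' }],
};
const observed = {
  headers: { 'strict-transport-security': 'max-age=63072000' },
  scripts: [{ src: 'https://shop.example/js/checkout.js', body: 'initCheckout(); extra();' },
            { src: 'https://cdn.example.net/widget.js', body: 'widget();' }],
  forms: [{ action: 'https://pay.example/charge' }, { action: 'https://collect.example.net/form' }],
};
console.log(detectChanges(baseline, observed));
```

Each returned string is one alert for the site owner; an unchanged page yields an empty list.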
