- Docs
- PCI DSS Library
- 6.4.3 (c) - Script Integrity
6.4.3 (c) - Script Integrity
Monitoring Authorized Scripts for Malicious Behavior
Authorization is only the first line of defense—ensuring that authorized scripts maintain their integrity is equally critical. Even legitimate scripts can be tampered with to perform unauthorized actions, such as capturing and transmitting sensitive data. For instance, while Google Analytics might be allowed to track user behavior, it should never access or transmit credit card information. There have been cases where legitimate scripts were compromised, altering their behavior to perform malicious activities. Yo counter such threats, it’s essential to continuously monitor the behavior of all authorized scripts on your payment page. If any script deviates from its expected function, immediate action must be taken to neutralize the threat to protect customers’ sensitive information.
