A security rep of ours recently let us know that a Shopping Cart Monitor of some form will be required in the new PCI Compliance version, something that monitors, detects, and analyzes payment page code for skimming.
Would anyone be knowledgeable of a company or website that offers this? Or if ECT even has its own version of it?
To give additional context, we are looking at the 6.4.3 and 11.6.1 PCI Compliance 4.0 guidelines.
6.4.3 details how each JavaScript on the page must be inventoried and documented, both static and dynamic.
11.6.1 essentially takes that collected data and requires you to analyze it, looking for potential areas/pieces of unauthorized modifications; the scan is run at least weekly.
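The inventory-and-compare idea behind 6.4.3 and 11.6.1 as described above, shown as an added example that is not part of the original thread and not any vendor's product. The function names, the `shop.example` and `cdn.example.net` URLs, and the script bodies are constructed; the page HTML and external script bodies are assumed to have been captured already (for dynamically loaded scripts, from the rendered page).

```python
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collect every <script>: external ones by src, inline ones by body text."""
    def __init__(self):
        super().__init__()
        self.scripts, self._inline = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._inline = None if src else []
            if src:
                self.scripts.append((src, None))
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.scripts.append((None, "".join(self._inline)))
            self._inline = None

def inventory(html, fetched):
    """Map each script to its SHA-256; `fetched` holds external script bodies."""
    parser = ScriptCollector()
    parser.feed(html)
    inv = {}
    for src, body in parser.scripts:
        data = fetched[src] if src else body.strip().encode()
        digest = hashlib.sha256(data).hexdigest()
        inv[src or "inline:" + digest[:12]] = digest  # inline scripts have no URL
    return inv

def compare(authorized, observed):
    """Report scripts that are new, changed, or gone relative to the baseline."""
    findings = [("unauthorized" if k not in authorized else "modified", k)
                for k, d in observed.items() if authorized.get(k) != d]
    findings += [("missing", k) for k in authorized if k not in observed]
    return sorted(findings)

# Constructed sample data (hypothetical URLs): the approved page and a later scan.
JS = "https://shop.example/js/checkout.js"
BASE_HTML = f'<script src="{JS}"></script><script>initCart();</script>'
BASE_BODIES = {JS: b"function pay(){submit();}"}
SCAN_HTML = BASE_HTML + '<script src="https://cdn.example.net/metrics.js"></script>'
SCAN_BODIES = {JS: b"function pay(){submit();} /* edited */",
               "https://cdn.example.net/metrics.js": b"track();"}

def run_scan():
    return compare(inventory(BASE_HTML, BASE_BODIES), inventory(SCAN_HTML, SCAN_BODIES))
```

Because inline scripts are keyed by their hash, an edited inline script shows up as one `missing` and one `unauthorized` entry rather than as `modified`.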
Hi Mike, I think Security Metrics offer something for this. But reading some of the results for if you even need this if you use an online process the results seem to be quite vague. For instance, if you are not storing or processing the credit card yourself then the payment systems are saying that "they've already done the work for you". Then they send you to the PCI guidelines to decide if you need to be PCI compliant or not.
PCI Compliance has this superpower of being very detailed yet still unclear of exact requirements for certain things haha. I will definitely check out Security Metrics to see what tools they offer; it seems that a consultation will be needed to determine where we sit for compliance requirements.