PCI DSS v4 & Third-Party Scripts: Checkout Page Risk
🟠 High | Source: The Hacker News PCI DSS v4.0 now explicitly requires merchants to control and monitor third-party scripts running on payment pages, closing a long-standing blind spot where analytics, tag managers, and support widgets could exfiltrate card data without detection. A QSA assessment of the Reflectiz platform evaluated how well it addresses these new requirements. Any organisation taking card payments online needs to demonstrate they have visibility and control over client-side scripts or risk failing their next PCI audit. ...