{"id":17531,"date":"2024-08-15T10:47:09","date_gmt":"2024-08-15T09:47:09","guid":{"rendered":"https:\/\/www.dionach.com\/?p=17531"},"modified":"2025-02-07T15:43:52","modified_gmt":"2025-02-07T15:43:52","slug":"pci-dss-4-requirements-for-code-and-payment-pages","status":"publish","type":"post","link":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/","title":{"rendered":"PCI DSS 4 Requirements for Code and Payment Pages"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"17531\" class=\"elementor elementor-17531\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5bd22bd e-flex e-con-boxed e-con e-parent\" data-id=\"5bd22bd\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-11fe298 elementor-widget elementor-widget-text-editor\" data-id=\"11fe298\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention, specifically:<\/p><ul><li>6 &#8211; Code repositories used for custom code and configuration information<\/li><li>6.4.3 &#8211; Authorization of payment page scripts<\/li><li>11.6.1 &#8211; Change and tamper detection for payment pages, including scripts<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06b5af9 elementor-widget elementor-widget-heading\" data-id=\"06b5af9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Code Repositories and PCI DSS 4<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c3ed80 elementor-widget elementor-widget-text-editor\" data-id=\"1c3ed80\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>One immediate change is that code repositories for custom code and for configuration information is now in scope for PCI DSS assessments. The overview for Requirement 6 (Develop and Maintain Secure Systems and Software) states the following, which makes it clear:<\/p><p><em>\u201cCode repositories that store application code, system configurations, or other configuration data that can impact the security of account data or the CDE are in scope for PCI DSS assessments.\u201d<\/em><\/p><p>Application code includes custom code developed and used in applications in the cardholder data environment. Configuration information may include infrastructure as code (IaC) using tools such as Terraform, Ansible or Puppet; this IaC is usually stored in repositories. Application or configuration code may be stored in GitHub, GitLab, Bitbucket some other cloud or self-hosted source code repository system.<\/p><p>As these are now in scope for PCI DSS assessments, you may need to request an Attestation of Compliance (AoC) from your cloud service provider (CSP) if the repositories are hosted by a CSP. You will need to check that the AoC covers the code repository services, and that the CSP has a responsibility matrix. You will still need to be compliant for requirements that you are responsible for. If your organisation self-hosts the code repository, you may want to look at how to limit scope when you bring the code repository and its supporting infrastructure into scope for assessment.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f1cf9eb elementor-widget elementor-widget-heading\" data-id=\"f1cf9eb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">PCI DSS 4 Future Dated Requirements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-336f286 elementor-widget elementor-widget-text-editor\" data-id=\"336f286\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Here are some of the future dated requirements that need some special attention. The deadline for these requirements is <strong>31<sup>st<\/sup> March 2025<\/strong>, so Dionach recommend that organisations implement these as soon as possible. This section has been updated&nbsp;<span style=\"font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight ); text-align: var(--text-align);\">in February 2025&nbsp;<\/span><span style=\"font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight ); text-align: var(--text-align);\">following clarification from PCI SSC on SAQ A requirements&nbsp; 6.4.3 and 11.6.1 in PCI DSS v4.0.1 SAQ A r1.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3175cc5 elementor-widget elementor-widget-heading\" data-id=\"3175cc5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">6.4.3 - Payment Page Scripts are Authorized<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5a44e7 elementor-widget elementor-widget-text-editor\" data-id=\"b5a44e7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Any scripts such as JavaScript files referenced and used in a payment page now need to be explicitly listed and authorized. A payment page is a web page with a form where account data is entered.<\/p><p>The guidance for 6.4.3 helps clarify the requirements. Each script referenced in the payment page must be inventoried, justified and authorized. To ensure the integrity of each script, the HTTP Content Security Policy (CSP) for\u00a0<span style=\"font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight ); text-align: var(--text-align);\">the page should restrict allowed sources of scripts; see the following link for more information on using a Content Security Policy:<\/span><\/p><p><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CSP\">https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CSP<\/a><\/p><p>Additionally, the integrity of scripts can be checked by including an integrity hash in the script HTML tag, using Subresource Integrity (SRI); see the following for more information on using Subresource Integrity:<\/p><p><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Subresource_Integrity\">https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Subresource_Integrity<\/a><\/p><p>There are tools and resources for some popular ecommerce platforms on adding CSP and SRI, such as WordPress and Magento.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b84519d e-flex e-con-boxed e-con e-parent\" data-id=\"b84519d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6875c58 elementor-widget elementor-widget-heading\" data-id=\"6875c58\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">11.6.1 - Unauthorized Changes on Payment Pages Are Detected and Responded To<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eee1bb3 elementor-widget elementor-widget-text-editor\" data-id=\"eee1bb3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This requirement to check or monitor payment pages for changes to payment pages is related to 6.4.3 for payment page script authorization. As with 6.4.3, a payment page is a web page with a form where account data is entered.<\/p><p>\u00a0<\/p><p>Changes to payment pages and any active content such as JavaScript must be monitored using a change and tamper detection mechanism. The mechanism must check the content, scripts and important HTTP headers that would be received by the client browser, and must check once a week or as determined by a targeted risk analysis (TRA).<\/p><p>\u00a0<\/p><p>The change and tamper detection mechanism must act like a browser and check the content as presented to the browser, looking for any changes to prior versions, including known signs of attacks (indicators of compromise), changes to JavaScript sources, HTTP CSP headers, and basic content. Any changes must alert personnel, and be included in the incident response plan as per requirement 12.10.5.<\/p><p>\u00a0<\/p><p>Examples of some services that provide web page and script monitoring can be found at <a href=\"https:\/\/cside.dev\/compare\">https:\/\/cside.dev\/compare<\/a>. Note that Dionach do not endorse these and use of any of these does not guarantee PCI DSS compliance.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4ee40a8 elementor-widget elementor-widget-heading\" data-id=\"4ee40a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Summary<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-55fcf47 elementor-widget elementor-widget-text-editor\" data-id=\"55fcf47\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>These are just a few of the new requirements in PCI DSS 4, so please ensure that you also implement the other requirements.<\/p><p>\u00a0<\/p><p>If you need any help with PCI DSS for SAQs, please contact Dionach. Some of the PCI DSS services we provide:<\/p><ul><li>PCI DSS scope review service, to help you reduce scope and work towards the best SAQ<\/li><li>SAQ assistance, with PCI DSS assessment, prioritized approach, and SAQ completion<\/li><li>Assessment for a Report on Compliance<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-72a49a3 e-flex e-con-boxed e-con e-parent\" data-id=\"72a49a3\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-5360d06 e-con-full e-flex e-con e-child\" data-id=\"5360d06\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-41f240c e-con-full e-flex e-con e-child\" data-id=\"41f240c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-85cad65 premium-blog-align-left elementor-widget elementor-widget-premium-addon-blog\" data-id=\"85cad65\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;premium_blog_columns_number&quot;:&quot;100%&quot;,&quot;custom_posts_filter&quot;:[&quot;596&quot;],&quot;premium_blog_grid&quot;:&quot;yes&quot;,&quot;premium_blog_layout&quot;:&quot;even&quot;,&quot;premium_blog_columns_number_tablet&quot;:&quot;50%&quot;,&quot;premium_blog_columns_number_mobile&quot;:&quot;100%&quot;}\" data-widget_type=\"premium-addon-blog.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"premium-error-notice\">\n\t\t\tThe current query has no posts. Please make sure you have published items matching your query.\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention, specifically: 6 &#8211; Code repositories used for custom code and configuration information 6.4.3 &#8211; Authorization of payment page scripts 11.6.1 &#8211; Change and tamper detection for payment pages, including scripts Code Repositories [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":17543,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[217],"class_list":["post-17531","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-researchblog","tag-pci_dss","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>PCI DSS 4 Requirements for Code and Payment Pages<\/title>\n<meta name=\"description\" content=\"As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention,\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PCI DSS 4 Requirements for Code and Payment Pages\" \/>\n<meta property=\"og:description\" content=\"As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-15T09:47:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-07T15:43:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2024\/08\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1365\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach by Nomios\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach by Nomios\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/\"},\"author\":{\"name\":\"Dionach by Nomios\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/person\\\/cda8ad8b5715b4d431547564ed6a9ca9\"},\"headline\":\"PCI DSS 4 Requirements for Code and Payment Pages\",\"datePublished\":\"2024-08-15T09:47:09+00:00\",\"dateModified\":\"2025-02-07T15:43:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/\"},\"wordCount\":855,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1\",\"keywords\":[\"PCI DSS\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/\",\"name\":\"PCI DSS 4 Requirements for Code and Payment Pages\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1\",\"datePublished\":\"2024-08-15T09:47:09+00:00\",\"dateModified\":\"2025-02-07T15:43:52+00:00\",\"description\":\"As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention,\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1\",\"width\":2048,\"height\":1365},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/pci-dss-4-requirements-for-code-and-payment-pages\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PCI DSS 4 Requirements for Code and Payment Pages\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#website\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/person\\\/cda8ad8b5715b4d431547564ed6a9ca9\",\"name\":\"Dionach by Nomios\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"caption\":\"Dionach by Nomios\"},\"sameAs\":[\"http:\\\/\\\/Dionach\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PCI DSS 4 Requirements for Code and Payment Pages","description":"As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention,","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/","og_locale":"en_US","og_type":"article","og_title":"PCI DSS 4 Requirements for Code and Payment Pages","og_description":"As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention,","og_url":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2024-08-15T09:47:09+00:00","article_modified_time":"2025-02-07T15:43:52+00:00","og_image":[{"width":2048,"height":1365,"url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2024\/08\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1","type":"image\/jpeg"}],"author":"Dionach by Nomios","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Written by":"Dionach by Nomios","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/#article","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/"},"author":{"name":"Dionach by Nomios","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/cda8ad8b5715b4d431547564ed6a9ca9"},"headline":"PCI DSS 4 Requirements for Code and Payment Pages","datePublished":"2024-08-15T09:47:09+00:00","dateModified":"2025-02-07T15:43:52+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/"},"wordCount":855,"publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"image":{"@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2024\/08\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1","keywords":["PCI DSS"],"articleSection":["researchblog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/","url":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/","name":"PCI DSS 4 Requirements for Code and Payment Pages","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/#primaryimage"},"image":{"@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2024\/08\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1","datePublished":"2024-08-15T09:47:09+00:00","dateModified":"2025-02-07T15:43:52+00:00","description":"As we help our customers with transitioning to PCI DSS 4, some immediate and future dated requirements are standing out for special attention,","breadcrumb":{"@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/#primaryimage","url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2024\/08\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1","contentUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2024\/08\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1","width":2048,"height":1365},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.com\/en-us\/pci-dss-4-requirements-for-code-and-payment-pages\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.com\/en-us\/"},{"@type":"ListItem","position":2,"name":"PCI DSS 4 Requirements for Code and Payment Pages"}]},{"@type":"WebSite","@id":"https:\/\/dionach.com\/en-us\/#website","url":"https:\/\/dionach.com\/en-us\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.com\/en-us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/dionach.com\/en-us\/#organization","name":"Dionach","url":"https:\/\/dionach.com\/en-us\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/","url":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/cda8ad8b5715b4d431547564ed6a9ca9","name":"Dionach by Nomios","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","caption":"Dionach by Nomios"},"sameAs":["http:\/\/Dionach"]}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2024\/08\/PCI-DSS-2.jpeg?fit=2048%2C1365&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-4yL","_links":{"self":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/17531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/comments?post=17531"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/17531\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/media\/17543"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/media?parent=17531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/categories?post=17531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/tags?post=17531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}