The PCI Data Security Standard (PCI DSS) is a global set of requirements designed to minimize fraud and protect sensitive cardholder information that is processed, stored, and transmitted by merchants.
With PCI DSS v4.0, new requirements 6.4.3 and 11.6.1 have been introduced, focusing on hosted payment page security and reducing risks during e-Commerce transactions. These updates come in response to a shift in how attackers target sensitive payment card data. Rather than exploiting server-side vulnerabilities, hackers are increasingly using client-side scripts to steal payment data directly from consumers’ browsers during online payments.
Payment Script Monitoring Now Required
Starting March 31, 2025, e-Commerce merchants are required to implement comprehensive script management and change detection systems to continuously monitor hosted payment page security. Merchants who accept payments online must partner with an approved script monitoring provider to meet these requirements, but they are free to choose the provider that works best for their business.
Payment Script Monitoring vs. AVS Scans
It’s important to understand that Payment Script Monitoring is different from AVS scans, which are external quarterly network vulnerability scans required by the PCI DSS. If merchants are required to run AVS scans based on how they process payments, they must pass these scans to become PCI compliant. In contrast, Payment Script Monitoring applies only to e-Commerce merchants, who are required to attest that they have a script monitoring solution in place. Payment Script Monitoring is not required for PCI compliance.
Benefits of Payment Script Monitoring
Payment Script Monitoring addresses compliance requirements with an automated solution that monitors scripts, alerts merchants to unauthorized modifications, and ensures ongoing compliance, while offering these benefits:
- Comprehensive Solution: Addresses both PCI DSS requirements (6.4.3 and 11.6.1) in a single, seamless platform.
- Risk Reduction: Protects payment pages from malicious activity with continuous monitoring and alert systems.
- Ease of Use: Simplifies PCI DSS compliance, saving time and resources.
Additional Information for Xplor Pay Customers
Payment Script Monitoring is available for Xplor Pay merchants through our PCI compliance partner, but you are free to work with the provider of your choice.
If you are an Xplor Pay merchant and need to complete your PCI self-assessment questionnaire or run any required scans, log in to Merchant Portal and click on the arrow in the PCI section at the top of your dashboard. You can also contact the PCI Help Desk at 855.864.1732.
Article by Xplor Pay
First published: March 31 2025
Last updated: October 15 2025