
Payneteasy, a leading provider of payment technologies, is proud to announce the successful completion of its annual PCI DSS v4.0 certification as a Level 1 Service Provider. This includes full compliance with the new, more rigorous requirements that came into effect in March 2025. In line with these updated standards, we now offer our clients tools that enhance the protection of payment forms and data to an even higher level. Read more in this article.
Key aspects of the new PCI DSS requirements implemented by Payneteasy:
Payment form script protection (PCI DSS Requirement 6.4.3):
- Authorisation and inventory of scripts: All scripts used in the payment form must now be authorised and registered within the Payneteasy system. Strict procedures have been introduced to account for each script, defining its purpose and granting permission for use. These are then continuously tracked by our dedicated monitoring team.
- Script integrity check: Customers can safeguard imported and embedded scripts from tampering by using appropriate HTML attributes and Content-Security-Policy headers. To support this, Payneteasy has developed the “HTML Analyzer” module, which reviews saved form content to make sure key attributes are not missing. This protection mechanism is essential, as it helps prevent the payment form from being compromised through third-party sources (such as CDNs, analytics scripts, or traffic tracking systems) from which scripts may be imported.
Payment form content and header integrity monitoring (PCI DSS Requirement 11.6.1):
- Protection against unauthorised modification of payment form content: Payneteasy has implemented controls to prevent unauthorised changes to the payment form. If any such modification is detected, the monitoring team investigates it and, if necessary, notifies the affected clients.
- Protection against unauthorised modification of HTTP headers: Additional measures have been implemented to safeguard HTTP headers transmitted with the payment form within the Payneteasy payment infrastructure. These headers are essential for managing browser behaviour, such as controlling where scripts can be loaded from, where they can send data, and which third-party resources (like frames) are permitted. Any attempts at header spoofing are also actively monitored by the security team.
Innovative tools in action:
To meet the new PCI DSS requirements, Payneteasy has enhanced its internal processes and integrated new tools that are available to all clients, including:
- Form Analyzer: An automated tool that scans payment forms to detect potential vulnerabilities or non-compliance with the latest standards, such as missing integrity attributes or incorrect directives.
- Flexible Content Security Policy (CSP) configuration: The Payneteasy system permits fine-tuning of CSP directives through headers. These directives specify to browsers which domains are allowed to load scripts, where connections can be made, and which frames are permitted for embedding, or where the form itself can be embedded. This creates a strong barrier against unauthorised activity, including misuse of the payment form on third-party websites.
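The kind of check described above (missing integrity attributes on imported scripts, missing or weak CSP directives) can be sketched as follows. This is an added example, not Payneteasy's HTML Analyzer or Form Analyzer code; the mapping to the directives `script-src`, `connect-src`, `frame-src` and `frame-ancestors`, the function names, and the sample hosts and hash value are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed mapping of the controls described above onto standard CSP directive names.
REQUIRED = ("script-src", "connect-src", "frame-src", "frame-ancestors")
SRI_PREFIXES = ("sha256-", "sha384-", "sha512-")
WEAK = ("*", "'unsafe-inline'", "'unsafe-eval'")

class ScriptAudit(HTMLParser):
    """Record third-party <script> tags that lack usable SRI attributes."""
    def __init__(self, form_origin):
        super().__init__()
        self.form_host = urlparse(form_origin).netloc
        self.findings = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") if tag == "script" else None
        host = urlparse(src).netloc if src else ""
        if not host or host == self.form_host:
            return  # inline or same-origin script: not an SRI case
        if not (a.get("integrity") or "").startswith(SRI_PREFIXES):
            self.findings.append((src, "missing integrity"))
        elif "crossorigin" not in a:  # cross-origin SRI needs a CORS fetch
            self.findings.append((src, "missing crossorigin"))

def parse_csp(header):
    policy = {}
    for tokens in (part.split() for part in header.split(";")):
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return policy

def audit_csp(header):
    policy = parse_csp(header)
    # frame-ancestors never falls back to default-src; the fetch directives do.
    issues = [f"{d}: not set" for d in REQUIRED if d not in policy
              and (d == "frame-ancestors" or "default-src" not in policy)]
    issues += [f"script-src: weak source {s}" for s in policy.get("script-src", []) if s in WEAK]
    return issues

def audit_form(html, csp_header, form_origin):
    parser = ScriptAudit(form_origin)
    parser.feed(html)
    return parser.findings, audit_csp(csp_header)

# Constructed sample form and header (hosts and hash value are placeholders).
SAMPLE_HTML = ('<script src="/static/form.js"></script>'
               '<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>'
               '<script src="https://analytics.example/t.js"></script>'
               '<script src="https://cdn.example/ui.js" integrity="sha384-PLACEHOLDER"></script>')
SAMPLE_CSP = "default-src 'self'; script-src 'self' https://cdn.example 'unsafe-inline'"
```

Calling `audit_form(SAMPLE_HTML, SAMPLE_CSP, "https://pay.example")` reports the analytics script without an integrity hash, the CDN script without `crossorigin`, the absent `frame-ancestors` directive and the `'unsafe-inline'` script source.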
Successful certification under the updated PCI DSS standard highlights Payneteasy’s position as a trusted leader in secure and reliable payment solutions for businesses worldwide.