Jscrambler Empowers Payment Service Providers in Enabling Merchants to Achieve PCI DSS V4 Compliance, According to Online Business Systems Report
Leveraging Jscrambler Iframe Integrity, PSP Solutions Can Now Include Techniques that Protect Merchant Payment Pages Against Skimming Script Attacks
PORTO, Portugal, July 15, 2025 /PRNewswire/ -- Jscrambler, the pioneering platform for client-side protection, today announced new independent research from Online Business Systems (OBS) titled "Jscrambler's Iframe Integrity And The New PCI DSS Requirements." A leading provider of innovative digital solutions and cybersecurity, the OBS report details Iframe Integrity's success in helping payment service providers/payment gateways (PSPs) offer PCI DSS compliance (for requirements 6.4.3 and 11.6.1) and simplifying SAQ A eligibility for merchants by shielding payment pages from sophisticated e-skimming attacks while ensuring transaction security.
The number of payment card numbers stolen through e-commerce "skimming" attacks is surging. In these incidents, the e-commerce skimmer watches the transaction between the merchant and the consumer, stealing a copy of the customer's payment card data, as it's being entered. With an increasing number of attackers targeting scripts running in a consumer's browser, the PCI Security Standards Council (PCI SSC) has introduced two new requirements in PCI DSS v4.0.1 specifically designed to reduce the risk of client-side e-skimming attacks -- requirements 6.4.3 and 11.6.1.
PCI SSC also updated the Self-Assessment Questionnaire (SAQ A), designed for merchants who accept payments but who fully outsource payment processing, for example, by embedding a PSP's payment pages in the merchant's website. In this scenario, all payment processing is managed by the external, PCI DSS-compliant PSP. However, to be eligible to use the updated SAQ A, merchants now must confirm that their e-commerce site is not susceptible to script attacks.
In its new independent research assessment, OBS's PCI SSC accredited Qualified Security Assessors (QSAs) and Offensive Security Services (OSS) experts evaluated Iframe Integrity's effectiveness in meeting the latest anti-skimming requirements, particularly its ability to harden payment pages against a range of threats, including iframe hijacking, iframe overlays, fake iframes, and function hijacking. "Iframe Integrity safeguards payment pages against script attacks by isolating the PSP script and all elements related to the payment form from unauthorized interference by other scripts running on the parent page. Additionally, it mitigates risks where a malicious script on the merchant's parent page could manipulate users into unintentionally exposing their payment data."
Following a series of simulated attacks, where code snippets were executed in the browser's console to simulate an attack executed by a malicious script running on the page, the OBS team reported that "Based on the observations of OBS's QSAs and OSS experts, Iframe Integrity was successful in preventing all the tested attacks. Deploying the solution to a merchant's parent page, as part of a PSP's payment page script, appears to be a successful way of ensuring that the merchant's payment page is not susceptible to script attacks."
The paper goes on to report that "For e-commerce merchants who completely outsource payment processing to a PCI DSS compliant PSP that is using Jscrambler's Iframe Integrity to harden their payment iframes, there is little additional work required to confirm the merchant meets the eligibility requirements in SAQ A."
"Recent updates to PCI DSS--and specifically to SAQ A--have significantly expanded merchant responsibility for ensuring their e-commerce sites are not susceptible to client-side attacks. That shift has placed a heavy burden on many merchants lacking the technical and financial resources to validate and secure their environments," said Pedro Fortuna, CTO at Jscrambler. "Iframe Integrity was designed to fill that gap by giving PSPs a solution that eases the compliance burden on merchants while securing payment pages against client-side threats. OBS's new report offers strong third-party validation that we are delivering on that promise."
"Many merchants today lack the technical and financial resources and are looking to their PSPs to ensure that their iframes and payment pages are secure," said Jordan Wiseman, Fellow Consultant at OBS and author of the report. "Our review found that Jscrambler's Iframe Integrity can secure payment pages against script-based attacks and can help PSPs support their merchant-customers' compliance efforts."
For those interested in learning more about Jscrambler's Iframe Integrity, please visit here.
To read the complete "Jscrambler's Iframe Integrity And The New PCI DSS Requirements" report, visit here.
About Online Business Systems:
Online Business Systems is a leading provider of innovative digital solutions, cybersecurity services, and digital transformation, offering expertise in customer experience (CX), artificial intelligence, and strategic advising. Its team of cybersecurity experts develops robust security programs tailored to each client's risk appetite, enabling organizations to focus on business growth. As members of GEAR, Online Business Systems' team of over 40 Qualified Security Assessors (QSAs) delivers PCI guidance and assessment services to clients worldwide. The company's Financial Services practice specializes in digital banking solutions, Fintech integration, and managed services, along with Digital Advisory offerings such as strategy, mergers and acquisitions, system selection, and brand experience.
About Jscrambler
Jscrambler is the leader in Client-Side Protection and Compliance. Jscrambler is the first to merge advanced polymorphic JavaScript obfuscation with fine-grained third-party tag protection in a unified Client-Side Protection and Compliance Platform. Jscrambler's integrated solution ensures a robust defense against current and emerging client-side cyber threats, data leaks, misconfigurations, and IP theft, empowering software development and digital teams to innovate securely online with JavaScript. Jscrambler's Code Integrity product safeguards first-party JavaScript through state-of-the-art obfuscation and exclusive runtime protection. Jscrambler's Webpage Integrity product mitigates threats and risks posed by third-party tags, all while ensuring compliance with the new version 4 of PCI DSS. Jscrambler's Iframe Integrity empowers PSPs to deliver seamless protection, PCI DSS compliance, and SAQ A eligibility to merchants. With Jscrambler, businesses adopt a unified, future-proof client-side security policy, all while achieving compliance with emerging security standards. Jscrambler serves a diverse range of customers, including top Fortune 500 companies, online retailers, airlines, media outlets, and financial services firms whose success depends on safely engaging with their customers online.
CONTACT:
Doug Fraim
Guyer Group for Jscrambler
jscrambler@guyergroup.com
SOURCE Jscrambler
