Wake up call for acquiring risk and compliance managers!
A few months ago, the PCI Council clarified that merchants using redirect-based payment flows *might* not need to comply with 6.4.3 (change detection) and 11.6.1 (file integrity monitoring). But a new skimming campaign targeting Stripe users is a wake-up call.

Attackers injected malicious scripts into merchant sites, not into the checkout itself but into the surrounding environment, to siphon off payment data using spoofed Stripe domains. Even if you're offloading the checkout, the rest of your site is still a threat vector. Skimmers don’t care if you're PCI compliant on paper - they care if your site gives them access.

Script monitoring isn’t just a checkbox. It’s a necessary line of defense in an increasingly sophisticated threat landscape. Stay vigilant. Monitor your scripts. And remember - compliance is the floor, not the ceiling.

If you aren't monitoring your scripts today, let's chat about how Aperia Compliance can help do just that!