Getting Started with Payment Script Security Controls

Payment, script, security, controls. Did any of those make you feel warm and fuzzy? Probably not.

So, what do you need to know about how these four words can provide security for how you take payments? Hi. I'm Sully Perella, Practice Leader here at Schellman, and I want to talk about payment script security controls.

Why? Because PCI DSS v4.0 contains a series of future-dated requirements regarding them that are no joke. Those requirements will apply as of April 1st, 2025, at which point—if you're using payment scripts to process payments on an e-commerce platform—you'll need to know:

  • What those scripts are,
  • Why they're there, and
  • How to identify the right security controls to prevent something from being compromised.

PCI DSS introduced these requirements because attackers were compromising e-commerce websites, putting wrappers around them, altering their code, and then, even if the payment was processed, stealing those card numbers. As you can imagine, that's probably not something you want, so the standard was updated to address these attacks through a couple of new requirements.

Understanding these payment script security requirements is one thing; finding ways to address them is another. While there are third-party tools you can use, as well as things like Content Security Policy (CSP) and Subresource Integrity (SRI), they can come with their own headaches.

If you'd like to learn more about how you can address these mandates and better secure your website, reach out to us. We want to know what your questions are, and we'd love to help.

About Schellman

Schellman is a leading provider of attestation and compliance services. We are the only company in the world that is a CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, and most recently, an APEC Accountability Agent. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single third-party assessor.