PaymentGuard · PCI DSS 4.0.1

See every script on your payment pages,
and prove it to your QSA.

PaymentGuard inventories and justifies every script on your payment pages (6.4.3), detects unauthorized changes in real time (11.6.1), and produces QSA audit-ready evidence, across one checkout or millions of payment pages.

  • Feroot
    stripe.js analytics.js checkout.js
    PCI DSS Evidence Report
    Continuously · 24×7
    Script inventory287
    Tamper logs4.2k
    Enforcement records1.9k
    Integrity verification100%
    Export evidence package
    QSA-ready · one click
    PCI DSS Evidence ReportPDF
    Script inventory & logsCSV
    Enforcement recordsJSON
    stripe.jsVerified
    checkout.jsVerified
    gtm.jsVerified
    analytics.jsChanged
    apple-pay.jsVerified
Trusted by the world's most recognized digital brands

The 6.4.3 and 11.6.1 controls, done for you

Inventory, change detection, evidence, and deployment: the four pieces of a runtime PCI program, automated end to end. PCI DSS 4.0.1 made runtime script management mandatory. PaymentGuard turns each requirement into a running, monitored control instead of a spreadsheet you rebuild before every assessment.

Automatic script inventory and monitoring

Meet Requirement 6.4.3 with automated discovery and continuous monitoring of every script on your payment pages, first-party, third-party vendor, and the fourth-party scripts those vendors load. You get complete visibility plus the justification record an assessor expects, with zero manual spreadsheet upkeep.

Real-time change detection

Satisfy Requirement 11.6.1 with active tamper detection. PageGuard monitors scripts at runtime, and a scheduled Inspector crawl backs it up, so an unauthorized modification on a payment page triggers an alert when it happens, not at the next quarterly review.

Ready-made compliance documentation

Generate audit-ready documentation automatically. Export reports covering script inventory, change history, and control status, then hand your QSA the evidence and testify with authority, instead of rebuilding it by hand before every assessment.

Deploy once, with one line of code

Add a single PageGuard script tag, placed first in the page <head>. No changes to existing systems, no re-platforming. The dashboard gives your team real-time visibility into compliance status and script inventory, from the first payment page you protect to the last.

Six PaymentGuard Capabilities

Everything you need to discover, authorize, monitor, and prove every script on your payment pages, for PCI DSS 4.0.1 Requirements 6.4.3 and 11.6.1.

PaymentGuard for merchants, PSPs, ISAs, and QSAs

One deployment aligns processors and merchants around the same two controls, 6.4.3 and 11.6.1, so everyone in the chain works from the same evidence.

PCI DSS 4.0.1 Compliance

Achieve PCI DSS 4.0.1 compliance

One line of code that directly covers Requirements 6.4.3 and 11.6.1 on your checkout pages and payment iFrames.

  • QSA audit-ready reports on demand
  • Automated script inventory and authorization records
  • Continuous script-integrity verification with alerting
  • Deploys quickly, with no re-architecture
Run a free payment-page scan
Threat Prevention

Secure payment pages and iFrames

Block formjacking, digital skimming, and data exfiltration before they reach your customers' card data.

  • Protect PSP iFrames against Magecart and e-skimming
  • Cover payment pages, checkout flows, and online forms
  • Monitor script behavior in real time as it executes
  • One-click enforcement of your security and compliance rules
Book a PCI demo
Attack Prevention

Prevent e-skimming attacks

Full visibility and control over every JavaScript on your front end: websites, web apps, and SPAs.

  • Detect when scripts attempt to read sensitive form inputs
  • Runtime, real-time continuous monitoring
  • Block unauthorized code from executing
  • Get alerts the moment script behavior changes
Book a PCI demo
Evidence & Audit

Keep a complete evidence trail

From discovery to runtime: automated browser-based security with a full audit history.

  • Coverage across your full browser-based attack surface
  • Retain a history and a copy of every script and payload
  • Monitor your third- and fourth-party script supply chain
  • Provision and operate via API
Book a PCI demo

Four Steps to Continuous PCI DSS Compliance

Discover

AI agents automatically inventory all scripts, tags, and data flows on payment pages across your web and mobile properties, establishing your authorized baseline for PCI DSS 6.4.3 compliance.

Authorize & Monitor

PaymentGuard continuously validates that only authorized scripts are present on payment pages and monitors for any unauthorized additions, modifications, or behavioral changes per PCI DSS 11.6.1.

Detect & Block

Real-time behavioral analysis detects data skimming, formjacking, and cardholder data exfiltration attempts, and blocks threats at the digital experience layer before sensitive data is exposed.

Prove

Continuous audit evidence, script inventories, change logs, and compliance enforcement records, is automatically generated and delivered to your GRC and QSA workflows, every day.

Every Payment Channel. Every Session. Always Protected.

Websites

Full PCI DSS 6.4.3 and 11.6.1 enforcement across all web checkout and payment pages

Mobile Apps

Cardholder data protection and compliance enforcement across iOS and Android payment flows

Merchant & Vendor Ecosystems

Extend protection and compliance enforcement to external merchants, vendors, and partners processing payment data

  • Slack logo
  • PagerDuty logo
  • Splunk logo
  • ServiceNow logo
  • Logz.io logo
  • Webhooks integration services logo
  • Jira Software logo
  • Opsgenie logo
  • Sumo Logic logo
  • JupiterOne cybersecurity asset management logo
  • Datadog logo
  • Microsoft Teams logo
  • Amazon CloudWatch logo
  • AWS CloudWatch Logs logo
  • API configuration settings icon

Connected to Your PCI & Security Stack

PaymentGuard extends PCI DSS compliance telemetry, script inventory data, and tamper detection evidence into your existing SIEM and GRC platforms, delivering real-time alerting and reporting to SecOps and compliance workflows for fast remediation. Proactive risk scoring extends your payment security risk profile to the GRC tools your teams already use.
The Feroot Platform

Complete the Platform

PaymentGuard works seamlessly alongside DXComply and DXSecure as part of the Feroot Digital User Experience Security and Compliance Platform.

DXComply

Automate consent auditing & privacy compliance

Automate continuous consent auditing and compliance enforcement across your websites and mobile apps, aligned to GDPR, CCPA, HIPAA, and 50+ global regulations.

Explore DXComply →
DXSecure

Always-on threat detection & blocking

Always-on detection and blocking of malicious scripts, data skimming, formjacking, and unauthorized script execution at the browser and mobile app layer.

Explore DXSecure →
Verified G2 reviews · PCI DSS 4.0.1

Teams that solved 6.4.3 and 11.6.1 with Feroot

Real, verified G2 reviews from customers who deployed Feroot for PCI, in their own words.

"They Solved my 11.6.3 and 6.4.3 nightmares."

G2
Verified User
★★★★★ · Marketing and Advertising · Mid-Market
Read all reviews on G2

FREE DOWNLOAD:

Get the Feroot PaymentGuard Compliance Report: a practical walkthrough of the runtime requirements in PCI DSS 4.0.1, what your QSA will ask for, and how Feroot produces the script inventory, tamper detection, and audit evidence automatically.


PCI DSS 4.0.1 Requirements 6.4.3 and 11.6.1: handled, on every payment page.

Automate the run-time script inventory, tamper detection, and audit evidence your assessment requires. Deploy once; scale from one checkout to many payment pages.