PCI DSS v4.0.1


Script Requirements

Understanding the New Script Security Requirement

If your business accepts credit or debit card payments, you need to follow PCI DSS rules to protect your customers’ card data. The latest version, v4.0.1, includes new rules that became mandatory in April 2025. One of the most important rules is about managing scripts on payment pages. Hackers often sneak malicious code into websites to steal card numbers as customers type them in. This is called a web skimming attack (like Magecart). These new rules help you spot and block those kinds of attacks before they cause any damage.

Shared Responsibility

Here’s who is responsible for script security tasks under our payment integration models:

Task                     | Nochex Payment Page | Nochex API Widget
Script Inventory         | Nochex              | Merchant
Script Justification     | Nochex              | Merchant
Script Integrity Checks  | Nochex              | Shared
Compliance Documentation | Shared              | Shared

Hosted Payment Page: The customer is redirected to a secure payment page hosted by Nochex. The merchant has no responsibility for scripts on that page.

Nochex API Widget: The payment form is embedded on the merchant’s website but is securely generated by Nochex. The merchant is more involved, especially in managing and justifying scripts that run on their website.

What’s the Requirement?

If your website has a payment page (where customers enter card details), you must:

  • Keep a list of all scripts (like JavaScript) that run on that page
  • Explain why each script is needed
  • Use tools to check if any script has been tampered with
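The three tasks above can be checked against the HTML of a checkout page. The following is an added example, not Nochex's inventory tool or code from this page; the URLs, the sample page, the inventory layout and the finding messages are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

class ScriptCollector(HTMLParser):
    """Records each <script>: external ones by absolute URL, inline ones by SHA-256 of the body."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.scripts, self._inline = base_url, [], None
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append({"id": urljoin(self.base_url, a["src"]), "integrity": a.get("integrity")})
        else:
            self._inline = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256("".join(self._inline).encode()).hexdigest()
            self.scripts.append({"id": "inline:sha256:" + digest, "integrity": None})
            self._inline = None

def audit(html, base_url, inventory):
    """Return (script id, finding) pairs. inventory maps script id -> written justification."""
    collector = ScriptCollector(base_url)
    collector.feed(html)
    collector.close()
    findings = []
    for s in collector.scripts:
        if s["id"] not in inventory:
            # Also catches an edited inline script: its hash, and so its id, changes.
            findings.append((s["id"], "not in inventory"))
        elif not inventory[s["id"]].strip():
            findings.append((s["id"], "no justification recorded"))
        elif not s["id"].startswith("inline:") and not s["integrity"]:
            # Without an integrity attribute the browser cannot reject a modified file.
            findings.append((s["id"], "no integrity attribute"))
    return findings

# Constructed sample page and inventory (hypothetical URLs and placeholder integrity value).
SAMPLE_PAGE = """<script src="/js/checkout.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.net/chat.js"></script>
<script src="https://static.example.org/extra.js"></script>
<script>var basket = 1;</script>"""
SAMPLE_INVENTORY = {  # script id -> justification
    "https://shop.example.com/js/checkout.js": "Renders the payment form",
    "https://cdn.example.net/chat.js": "Customer support chat",
}
```

Scripts that other scripts inject at runtime do not appear in the served HTML, so this check covers only what the markup declares.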

How to Comply?

API Widget – Shopping Cart Platforms we support

We’ve already built integrations with these popular platforms to support our API Widget.

Here’s what you need to know about each one and how we can help you stay compliant.

Shopping Cart           | Script Security Support | Integration    | Help
WooCommerce / WordPress | Module-based            | Setup Required | View guide, Download Module
OpenCart                | Module-based            | Setup Required | Coming Soon
PrestaShop              | Module-based            | Setup Required | Coming Soon
Zen Cart                | Module-based            | Setup Required | Coming Soon

Not using a shopping cart platform? No problem!

We’ve developed a script inventory tool that will help you:

  • Automatically detect and list scripts on your checkout page
  • Flag unknown or suspicious scripts
  • Stay on top of PCI DSS v4.0.1 requirements

Download the guide and script to try out the inventory tool and to see how it works.

More tools are coming soon to help you manage script integrity and compliance – no matter what platform you use.

If you have any questions or would like any more information, contact us.

Disclaimer
Guides, modules, and code samples provided by Nochex are offered “as-is” and without warranties of any kind, express or implied.

By using these resources, you acknowledge and agree that:

  • You are solely responsible for implementing, testing and maintaining your own security and compliance measures
  • Nochex does not guarantee that the use of these materials will result in PCI DSS compliance or prevent data breaches, vulnerabilities or other security incidents
  • Nochex shall not be held liable for any direct, indirect, incidental or consequential damages arising from the use or misuse of these resources

We recommend consulting your own legal, compliance, or cybersecurity professional before relying on any implementation.

Want to follow up on the other PCI DSS v4.0.1 Requirements?

Find out more
