SecurityMetrics at APP's Level Up

Let's Connect

Come talk to us about your PCI v4.0 needs at Booth 4. While you're at it, enter our drawing for a pair of Ray-Ban Meta Glasses!

Meet our team

John "JB" Bartholomew

SVP, Strategic Relationships

Robbi Watson

Director, Business Development

Andrew Savage

Director, Business Development

Presentation at Level Up

The CFO of SecurityMetrics, Blake Stevens

John "JB" Bartholomew

SVP, Strategic Relationships
Date: March 5, 2025
Time: 9:25 AM
Location: Balboa at Park MGM

Arming Your Merchants Against Iframe Attacks: A Practical Guide to PCI Req. 6.4.3 and 11.6.1

This session will share findings from over 2,000 e-commerce client-side forensic investigations. We have seen a dramatic increase in attacks specifically on e-commerce sites that use iframes to host a payment page from a third-party service provider.

These findings emphasize the importance of PCI DSS requirements 6.4.3 and 11.6.1 in helping combat e-commerce skimming trends. For example, in 100% of the cases where card data skimming was occurring, the security failure was on the merchant’s referring page, not in a malicious script on the third-party hosted payment page. This finding clearly indicates that the main skimming risks are on the merchant’s side, not on the service provider’s side.

Merchants are responsible for monitoring the scripts that they include on their websites (PCI DSS requirement 6.4.3) and checking for the presence of malicious scripts and behaviors on any payment or referring payment pages (PCI DSS requirement 11.6.1). The trends we’ve found can help merchants see the practical application of these requirements and empower them to secure their websites against threat actors.

I'd love to hear your thoughts or answer any questions about my presentation. Send an email to jb@securitymetrics.com.

Resources

The following are related resources that we have prepared for you. Find more answers to your questions in our Learning Center.