PCI Compliance & Client Protection: Meeting the Latest Requirements With Confidence

As the April 1 deadline for PCI Compliance updates draws near, we at Zuri Group want to assure our clients that we’re fully committed to keeping payment systems secure. We’ve taken proactive steps to ensure our solutions meet the latest PCI standards, and we’re here to share how we’re addressing two key requirements: Sections 6.4.3 and 11.6.1.

Section 6.4.3 – Script Authorization and Integrity

PCI Requirement:

To meet this requirement, payment page scripts must be authorized, maintained with integrity and accompanied by an inventory with justification for each script.

How We Meet This:

At Zuri Group, we’ve implemented several practices to ensure script security and integrity. We maintain a Git source control system for your solution code and use the following tools to ensure that your organization meets the requirements. If your scripts are managed within your organization’s repository, Zuri Group provides expert services to integrate our proven tracking methodology into your Git system.

Dependabot: We use Dependabot across all our repositories to automatically scan for outdated dependencies and security vulnerabilities. This tool helps us:

  • Confirm Script Authorization: Dependabot alerts us when dependencies become outdated or insecure, ensuring we only use authorized scripts in our codebase.
  • Ensure Script Integrity: By automatically generating pull requests for updates, Dependabot helps us keep our scripts and dependencies up to date with the latest secure versions – no manual intervention required.

MD5 Hash Logging for Inventory: We track and verify the integrity of all uploaded files by logging their MD5 hashes. This allows us to monitor and compare each file’s current state with its original version, helping us maintain a consistent inventory and ensure proper authorization.

Section 11.6.1 – Unauthorized Changes Detection

PCI Requirement:

This requirement calls for detecting and responding to any unauthorized changes to payment pages, including scripts and HTTP headers, through regular evaluations.

How We Meet This:

To stay ahead of potential risks, we’ve implemented the following measures:

Dependabot Alerts: Dependabot not only scans for outdated dependencies but also alerts us to vulnerabilities in scripts, helping us promptly detect and respond to changes that could pose a security threat.

MD5 Hash Verification: We periodically verify the integrity of uploaded files using MD5 hash checks, ensuring that no unauthorized changes have occurred.

Additional Governance

Many organizations are concerned about ensuring compliance once scripts are live in their online solution. There’s always the risk that users may add unauthorized code blocks to pages or modify templates. Zuri Group offers consulting services to help your organization develop effective system governance policies and configure the right system permissions to maintain control and ensure compliance.


We hope this gives you confidence that we’re doing everything we can to meet the latest PCI Compliance standards and help you do the same. If you have any questions or need further details, don’t hesitate to reach out!
