Online-payment icon

Script security for PCI DSS v4.0 compliance

Learn the PCI DSS v4.0 requirements for script security.

Our script compliance guide

Read our blog post for our recommendations to implement script security.

As an entity that accepts card payments, you are responsible for making sure that your online payments integration complies with the requirements of PCI DSS 4.0.

Additionally, your payment pages must comply with requirement 6.4.3 of PCI DSS 4.0 which states the following:

All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows:

  • A method is implemented to confirm that each script is authorized.
  • A method is implemented to assure the integrity of each script.
  • An inventory of all scripts is maintained with written justification as to why each is necessary.

Make sure that your integration includes ways to address all of the requirements.

Third-party scripts

The following table shows the third-party scripts that Adyen Drop-in and Components use:

Scripts Payment method
https://*.cash.app CashApp Pay
https://*.payments-amazon.com AmazonPay
https://*.google.com, Google Pay
https://*.paypal.com PayPal
https://*.checkout.visa.com Click to Pay
https://*.mastercard.com Click to Pay

Include these in the inventory of all scripts on your payment page.

See also