For a long time, Report URI has been helping website owners deliver a more secure browsing experience for their users. With this latest release of a new feature, called Frame Watch, we're adding yet another capability to our platform to give you more visibility into payment processing on your site.
Payment Pages and Card Holder Data
While Report URI has been around for almost a decade now, there has been a very recent and sharp increase in the demand for our services. The industry body known as the Payment Card Industry Security Standards Council (PCI SSC) set out a document known as the Payment Card Industry Data Security Standard (PCI DSS), which provides minimum security requirements for websites handling Card Holder Data (CHD) via online payments. The latest and most significant overhaul of that standard was released in 2023 and compliance is required by March 2025, so the clock is definitely ticking.
If you'd like my overview of the latest v4.0 standard, you can read that here: PCI DSS 4.0; It's time to get serious on Magecart
There was also a minor release much more recently, and you can read my views on that here: PCI DSS 4.0.1; What's Changed?
Script Watch and Data Watch
To help organisations better meet those requirements, we added two new features to our telemetry monitoring capabilities, known as Script Watch and Data Watch. The purpose of Script Watch is to monitor for new JavaScript dependencies on your site and to notify you to any new dependencies as soon as they are spotted. Data Watch serves a very similar purpose but is looking for external data dependencies, the locations that you're sending data to from your website. If it sees you sending data to a new location for the first time, you would be notified.
Both of these features have proven to be exceptionally popular and are now, by a comfortable margin, the most popular features on our service. Use of these features did lead to a common theme amongst the feedback during testing, though, and Frame Watch is the answer to those requests!
Frame Watch
Much like Script Watch and Data Watch were looking out for their own relevant activity on your site to notify you, Frame Watch will now be able to monitor for something specific too.
When embedding the JavaScript from your payment provider, all sorts of other sites can be framed and introduced to your site to handle that payment. It can be from the card issuer themself, a form of 3DS challenge where a user is required to enter a code usually sent via SMS, or one of many other possible processes. Many of our customers were asking for visibility into these processes so that they could know what was happening on their site. At the same time, this would also allow our customers to monitor for signs of malicious activity by looking for questionable sources of frames.
Frame Watch is now generally available for all customers on an appropriate plan and you can begin using it right away. If you've not yet tried out Report URI, you can sign up for 30-day free trial and use the code FRAMEWATCH at checkout to get 50% off your first three months!! This offer is open until the end of Aug 2024 so get signed up now to lock it in.
As always, if there are any questions then please feel free to reach out to me and I'd be happy to help.