MB-R090
Payment pages should have change or tamper monitoring capable of detecting unauthorized modifications to scripts, templates, or payment-page behavior. Browser-side skimming often relies on small checkout changes that bypass traditional server-side checks. Validate presence of CSP reporting, file integrity monitoring, checksum manifests, deployment attestation, or an approved monitoring integration.
Payment-page tampering can happen through compromised extensions, tag managers, deployment artifacts, or injected JavaScript. If no one is watching for checkout changes, skimming code may remain active for a long time.
Tamper monitoring creates signals when checkout scripts, DOM behavior, CSP reports, or deployed files change unexpectedly.
# Check whether checkout scripts/files have integrity monitoring or change alerts
# Review CSP reports, file integrity logs, deployment diff evidence, or synthetic checkout monitors
# Confirm checkout/payment script changes require approval and leave audit evidence
Checkout scripts can change through tag manager without approval, alerting, or review.
# Tamper monitoring missing → FAIL
CSP reports, tag manager approvals, and file integrity checks alert on unexpected checkout script changes.
# Monitoring ready → PASS