← Back to Baseline

MB-R090

Payment page tamper monitoring readiness

C07 Logging & Monitoring High

Payment pages should have change or tamper monitoring capable of detecting unauthorized modifications to scripts, templates, or payment-page behavior. Browser-side skimming often relies on small checkout changes that bypass traditional server-side checks. Validate presence of CSP reporting, file integrity monitoring, checksum manifests, deployment attestation, or an approved monitoring integration.

Why it Matters

Payment-page tampering can happen through compromised extensions, tag managers, deployment artifacts, or injected JavaScript. If no one is watching for checkout changes, skimming code may remain active for a long time.

Tamper monitoring creates signals when checkout scripts, DOM behavior, CSP reports, or deployed files change unexpectedly.

Verification Steps

Monitoring evidence

# Check whether checkout scripts/files have integrity monitoring or change alerts
# Review CSP reports, file integrity logs, deployment diff evidence, or synthetic checkout monitors

Change review

# Confirm checkout/payment script changes require approval and leave audit evidence

Remediation / Fix Guidance

  1. Monitor checkout script inventory and alert on new or changed third-party scripts.
  2. Enable CSP reporting for payment routes.
  3. Use file integrity monitoring for checkout templates and deployed static assets.
  4. Require approval for tag manager and checkout script changes.
  5. Document response steps for suspected payment-page tampering.

Examples

Fail Example
Checkout scripts can change through tag manager without approval, alerting, or review.
# Tamper monitoring missing → FAIL
Pass Example
CSP reports, tag manager approvals, and file integrity checks alert on unexpected checkout script changes.
# Monitoring ready → PASS

References