April 1: PCI 4.0 Compliance Updates and Information

Canadian Merchants ONLY

We understand that security and trust are essential to every payment transaction. We’re following up on the notification included in your March 2025 statement message regarding upcoming PCI changes. With PCI DSS 4.0 revisions taking effect in April 2025, it’s crucial for merchants to take a proactive approach to securing their online payment pages.

Summary of Upcoming PCI Changes:

  • April 1, 2025: PCI DSS 4.0 regulations go into effect.

  • PCI DSS 4.0 regulations include new online payment page vulnerability scans for some merchants.

  • To help streamline efforts, SecurityMetrics has added a new tool called Shopping Cart Monitor (SCM) to assist merchants with compliance by scanning payment pages for vulnerabilities.

  • Using SCM to assist with PCI 4.0 compliance is not necessary for all merchants, but merchants who are required to comply and fail to do so will see PCI non-compliance fees on their statement starting July 2025.

  • Reach out to SecurityMetrics at (801) 995-6400 to identify if you need to leverage SCM along with the actions necessary to mitigate your risk and help maintain compliance. For customized support, first tell the agent the software your business uses.

 

Why do I Need to Focus on PCI?

  • Non-compliance with PCI DSS 4.0 standards puts your business and reputation at risk.

  • Online security threats like malicious scripts, payment skimming, and unauthorized code injections can compromise sensitive customer data.

  • At-risk merchants face the possibility of a data breach leading to fraud, financial loss, and heavy fines.

 

Important 4.0 Details and Options:

PCI DSS 4.0 Brings New Security Requirements 

  • Starting April 1, 2025, PCI DSS 4.0 takes effect with new security measures being enforced.

  • While new requirements are in effect as of April 1, non-compliance fees will not be assessed based on the new requirements until July 2025. You will still be out of compliance if new requirements are not met by April 1, 2025.

  • The new PCI DSS 4.0 requirement for additional payment page vulnerability scanning does not pertain to all merchants.

  • To determine whether additional action is required for your business, and to avoid being billed monthly non-compliance fees from July 2025 forward, reach out to SecurityMetrics at (801) 995-6400. For customized support, first tell the agent the software your business uses.

 

SecurityMetrics Shopping Cart Monitor (SCM):

Shopping Cart Monitor (SCM) Helps with 4.0 Compliance

We've partnered with SecurityMetrics to offer Shopping Cart Monitor (SCM) for a streamlined approach to safeguarding your online payment pages.

All merchants have been auto-enrolled in the SCM Basic (do-it-yourself) program with SecurityMetrics, but to engage in the program you must work directly with SecurityMetrics to avoid non-compliance fees starting July 2025.

To activate your SCM Basic (do-it-yourself) program, you must contact SecurityMetrics to confirm both participation and engagement.

To take the next steps for your business, reach out to SecurityMetrics at (801) 995-6400. For customized support, first tell the agent the software your business uses.

For additional information on Shopping Cart Monitor, including a demo, click here.

Shopping Cart Monitor Implementation Options:

Option 1: SCM Basic – DIY Compliance Monitoring  

SCM Basic payment page scans are included at no cost for up to the first 4 URLs; each additional URL is CAD$2.00/month.

While enrollment with SCM is automatic, action items are required to activate the SCM program in your account and apply results to your compliance status.

Do-it-Yourself (DIY) instructions, test data, and a set compliance schedule will be provided by SecurityMetrics for self-scanning once you activate the SCM program. 

Reach out to SecurityMetrics to activate your SCM Basic (do-it-yourself) program by calling them at (801) 995-6400.


 

Option 2: SCM Plus – Fully Automated Compliance Monitoring Service 

SecurityMetrics also offers an upgraded version of the SCM program for merchants interested in automating payment page scans and having a hands-off approach to this component of compliance.

SecurityMetrics Plus is a managed service that includes automated scanning, real-time alerts, and compliance reporting.

SCM Plus automated services cost: CAD$41.93/month per checkout page URL.

Customers interested in the fully automated solution can upgrade to SCM Plus by reaching out to SecurityMetrics at (801) 995-6400.

 

Activate Your Shopping Cart Monitor Program

Reach out to SecurityMetrics to identify if your business is required to mitigate payment page vulnerabilities based on your Self-Assessment Questionnaire (SAQ) Type.

Work with the SecurityMetrics team to take next steps in implementing the SCM Basic tools for your site to help prevent PCI Compliance violations in April 2025 and non-compliance fees starting in July 2025.

For technical details and next steps for your SCM integration, reach out to SecurityMetrics directly. Their US-based team is available 24x7x365 to assist via the email address and phone number listed below:

Email: support@securitymetrics.com
Phone: (801) 995-6400





Major Impacts of PCI DSS 4.0:

  • New Requirement 6.4.3: All scripts running on checkout pages must be authorized and monitored to prevent unauthorized changes, skimming attacks, or malicious injections.

  • New Requirement 11.6.1: Merchants must scan for unexpected changes to their payment pages, ensuring no unauthorized modifications have been made that could compromise security or compliance.

  • The SecurityMetrics Shopping Cart Monitor proactively assists merchants’ compliance efforts with two flexible options to help meet these two updated PCI DSS 4.0 regulations.

  • Learn more about PCI DSS 4.0: Read about the changes included in PCI DSS from our partners at SecurityMetrics: https://www.securitymetrics.com/blog/pci-40-summary-of-changes

  • Learn more about SCM: Find out more about the SecurityMetrics SCM Tool: Click Here

The addition of SecurityMetrics SCM helps merchants with a proactive approach to compliance, making security more accessible and manageable for businesses of all sizes. We look forward to helping you through this transition.

 

Best, 

Dom Morea, President of Platform & Payments, Fullsteam Corporate 

Stephen Myslicki, VP & Head of Pricing, Fullsteam Corporate 

 

 
