Does including Google Analytics on a page make you run the risk of failing a PCI audit?
My webshop is currently in the process of becoming PCI compliant.
For business intelligence reasons we would like to include Google Analytics code (or code from a similar package) on the checkout page of our payment funnel.
As this involves including third-party JavaScript code on a page which handles customers' credit card details, I am wondering if this type of integration runs the risk of not passing a PCI audit.
More posts by @Angela700
1 Comments
To be PCI compliant you have to use a validated payment application. Once a payment app is validated, it has to stay frozen (meaning no coding changes to the application at all).
Is adding JavaScript to the front end of your website considered a coding change to the application? I would say no, if you host the JavaScript yourself and you understand what it's doing. You could be PCI compliant with a tracking script in place. However, if the script is hosted by a third party, then the JavaScript could change without your consent, which still doesn't necessarily invalidate your PCI compliance.
My speculation: You can add JavaScript to the front end without affecting the payment application, if they are two separate entities. Your payment application will not be invalidated, but you have to make sure you can still answer all questions in the PCI questionnaire truthfully. If you can still answer all questions truthfully, then you are still PCI compliant.