API for Approved Scanning Vendors

Integrated script compliance & Security


Integrated Script Compliance & Security for ASVs, Payment Gateways, QSAs & SIEMs 

As a partner, you can offer your customers the best in continuous runtime, script compliance by partnering with otto-js. Our solutions are designed to meet requirements and ensure PCI compliance, for the latest version (PCI DSS v4.0). 

PCI Audit scan@2x

Script Integrity: Auditing, Monitoring & Management

  • Full runtime script audit
  • Audit list evidence and recommendations for justifications
  • Show pass/fail scripts
PCI secure@2x

Runtime Policy Enforcement

  • Prevent and detect unexpected script activities
  • CSP templates meet the needs of 99% of merchants
  • Additional custom controls available for edge cases
PCI policy@2x

Malware Guard and Script Shield

  • Threat detection and protection
  • Blocks known malicious attacks at runtime
  • Tamper-resistant, tamper-detection embedded script



Simplify PCI DSS v4.0 Compliance for Your Customers

Let otto-js be your trusted partner in helping your customers safeguard their systems against potential security threats.

New Client-side PCI Requirements

Give your customers 100% website security scanning compliance

New: Requirement 6.4.3

Unauthorized code cannot be present in the payment page as it is rendered in the consumer’s browser. 

This requirement applies to all scripts loaded from the entity’s environment and scripts loaded from third and fourth parties.

New: Requirement 11.6.1

A change- and tamper-detection mechanism is deployed to alert personnel to unauthorized modification to the HTTP headers and the contents of payment pages as received by the consumer browser.