Control flow
Payment page risk often appears in the browser before it is visible in backend logs: a script changes, a form behaves differently, or a third-party call enters the checkout path. The flow below shows how Cartelta turns that client-side moment into structured context for security, product owners, and audit work.
01
End-user browser
02
Checkout page
03
JSIR event
04
Team dashboard
Step 1
Customer site opens
The end user opens the customer's site and starts a session. The diagram shows the starting point of the client-side journey.
1. End-user browser
Payment page customer
User opens the site
2-3. Payment page
Payment page scripts
Payment page loads
Customer scripts
Payment logic
JSIR
Page monitoring
4. JSIR
JSIR server
Waiting for events
Alerts
0
Status
Waiting
5. Account
JSIR customer dashboard
Current summary
Alerts
12
New alert
Event details
JSIR customer dashboard
The customer dashboard gives teams a clear view of payment pages: alert details, problem areas, context, and remediation guidance.
Customer dashboard
Overall score
High
Attention areas
2
Period summary
Status: most key pages look stable
Several problem areas require team attention
Overview
Overall payment page status
A process owner sees a compact picture: what is stable, where attention is needed, and how the situation changes over time.
Overall payment page status
Security trend
Priority setting for remediation
Tools for CISO teams: PCI DSS 6.4.3 and 11.6.1 support, web skimming risk reduction, and evidence preparation for QSAs and acquirers.
Automated script inventory with owners for requirement 6.4.3, Dynamic SRI generation, payment page change detection from the end-user browser for 11.6.1, operational alerts, and evidence exports for QSA review.
PCI DSS 4.0 to 4.0.1 gap analysis, rollout planning for requirements 6.4.3 and 11.6.1, TAR and evidence preparation, JSIR integration into SOC processes, and support through the final assessor report.
© 2026 Cartelta. All rights reserved.
Send request