PhishFence for PCI DSS 4.0
PCI DSS 4.0 added Requirement 5.4.1: organizations must deploy mechanisms to detect and protect personnel against phishing attacks. PhishFence directly addresses this requirement with continuous monitoring of lookalike domain registrations, DMARC enforcement guidance, and producible audit evidence.
Requirement 5.4.1 — anti-phishing mechanisms
PCI DSS v4.0 states the requirement as: "Mechanisms are in place to detect and protect personnel against phishing attacks." It was a best practice until 31 March 2025 and is mandatory after that date. The accompanying guidance lists anti-spoofing controls such as DMARC, SPF and DKIM among suitable mechanisms, and is explicit that technical controls complement, rather than replace, the phishing awareness training in 12.6.3.1. How PhishFence maps to it:
Lookalike domain detection
PhishFence generates 150+ typosquat, homoglyph and TLD-swap variants of each protected domain and continuously checks DNS, Certificate Transparency (CT) logs, and live HTTP for any variant that becomes active. Alerts fire within minutes of a variant appearing in any of those sources; detection is bounded by the generated variant set. Evidence: timestamped alert log, retained for the audit window.
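As an added illustration of how that variant set is built and scanned (example code, not PhishFence's own generator), the block below derives typosquat, homoglyph and TLD-swap candidates for a domain and runs an offline scan over them. The homoglyph table, the TLD list and the FAKE_DNS "registrations" are assumptions made for the demo; a real monitor would plug DNS resolution, a CT-log lookup and an HTTP probe into the `is_live` callback.

```python
"""Lookalike-domain candidate generation and an offline scan over them.

Added illustration of the typosquat / homoglyph / TLD-swap approach described
above. This is example code, not PhishFence's own generator; the variant
classes, the small homoglyph table, the TLD list and the FAKE_DNS table are
all assumptions made for the demo.
"""
from typing import Callable, Dict, List, Set, Tuple

# Assumed homoglyph table; production tooling uses far larger ASCII and IDN tables.
HOMOGLYPHS: Dict[str, List[str]] = {
    "o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"],
}
# Assumed TLDs to swap in for the protected domain's own TLD.
TLDS = ["com", "net", "org", "co", "io"]


def split_domain(domain: str) -> Tuple[str, str]:
    """'Example.COM' -> ('example', 'com'). Single-label TLDs only, for brevity."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def typosquats(label: str) -> Set[str]:
    """Omission, doubled character, hyphen insertion and adjacent transposition."""
    out: Set[str] = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                      # drop one char
        out.add(label[:i] + label[i] * 2 + label[i + 1:])       # double one char
        if i > 0:
            out.add(label[:i] + "-" + label[i:])                # insert a hyphen
        if i < len(label) - 1:
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # swap neighbours
    out.discard(label)                                          # never alert on ourselves
    return {v for v in out if v}


def homoglyphs(label: str) -> Set[str]:
    """Single-position visual substitutions from the HOMOGLYPHS table."""
    return {label[:i] + sub + label[i + 1:]
            for i, ch in enumerate(label)
            for sub in HOMOGLYPHS.get(ch, [])}


def variants(domain: str) -> Dict[str, Set[str]]:
    """All candidate lookalikes, keyed by the class that produced them."""
    label, tld = split_domain(domain)
    return {
        "typosquat": {f"{v}.{tld}" for v in typosquats(label)},
        "homoglyph": {f"{v}.{tld}" for v in homoglyphs(label)},
        "tld_swap": {f"{label}.{t}" for t in TLDS if t != tld},
    }


def scan(domain: str, is_live: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """Return (class, variant) for every candidate the probe reports as live.

    `is_live` is injected so the example runs offline; in a real monitor it
    would wrap DNS resolution, a CT-log lookup and an HTTP probe.
    """
    hits: List[Tuple[str, str]] = []
    for cls, names in variants(domain).items():
        for name in sorted(names):
            if is_live(name):
                hits.append((cls, name))
    return hits


# Constructed stand-in for DNS: two lookalikes of example.com are "registered".
FAKE_DNS = {"examp1e.com", "example.co"}

if __name__ == "__main__":
    for cls, name in scan("example.com", FAKE_DNS.__contains__):
        print(f"ALERT [{cls}] {name} is live")
```

Running it prints one alert per live variant, tagged with the class that produced it; that class tag is what an alert log should carry so an analyst can tell a homoglyph registration from a stray TLD swap. The candidate set is finite, which is the same bound the monitoring description above has: anything outside the permutation classes is not enumerated.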
Email authentication enforcement
DMARC, SPF and DKIM monitoring, with the enforcement wizard guiding you from p=none through p=quarantine to p=reject. The audit trail records every policy transition. Evidence: per-domain rollout history with timestamped wizard step-advances.
Per-message visibility
DMARC aggregate (RUA) reports received for your domain are parsed and surfaced per source IP, with PTR, ASN and country enrichment, so operators see which hosts send mail claiming your domain and whether that mail passes SPF or DKIM alignment. Evidence: 90-day aggregate report retention; longer on Pro/Business plans.
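To show what the per-source visibility above and the none/quarantine/reject ladder in the previous section look like in data, here is an added example (not PhishFence's parser or wizard logic) that reads one DMARC aggregate report, tallies aligned versus unaligned mail per source IP, and applies an assumed readiness rule for advancing the policy. The report is constructed for the demo, and PTR/ASN enrichment is left out because it needs network lookups.

```python
"""DMARC aggregate (RUA) report parsing plus a rollout-readiness check.

Added illustration of the per-source visibility and the p=none -> quarantine
-> reject ladder described above. Example code, not PhishFence's wizard: the
sample report below is constructed, and the readiness rule in
recommend_policy() is an assumption for the demo.
"""
import xml.etree.ElementTree as ET  # RUA XML is third-party input; prefer defusedxml in production
from dataclasses import dataclass, field
from typing import Dict, Iterable, Tuple

# Constructed RUA report: one aligned sender (120 msgs) and one spoofer (35 msgs).
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>mail.example.net</org_name><report_id>1</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range></report_metadata>
  <policy_published><domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
    <p>none</p><pct>100</pct></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

LADDER = ["none", "quarantine", "reject"]


@dataclass
class SourceStats:
    messages: int = 0
    aligned: int = 0                                     # DKIM or SPF passed *with* alignment
    dispositions: Dict[str, int] = field(default_factory=dict)


def parse_rua(xml_text: str) -> Tuple[Dict[str, str], Dict[str, SourceStats]]:
    """Return (policy_published tags, per-source-IP stats) from one RUA report."""
    root = ET.fromstring(xml_text)
    published = {c.tag: (c.text or "").strip() for c in root.find("policy_published")}
    per_ip: Dict[str, SourceStats] = {}
    for rec in root.iter("record"):
        row = rec.find("row")
        ip = row.findtext("source_ip", "").strip()
        n = int(row.findtext("count", "0"))
        ev = row.find("policy_evaluated")
        # policy_evaluated/dkim and /spf are the *aligned* results, unlike auth_results.
        aligned = ev.findtext("dkim") == "pass" or ev.findtext("spf") == "pass"
        disp = ev.findtext("disposition", "none")
        s = per_ip.setdefault(ip, SourceStats())
        s.messages += n
        s.aligned += n if aligned else 0
        s.dispositions[disp] = s.dispositions.get(disp, 0) + n
    return published, per_ip


def recommend_policy(published: Dict[str, str], per_ip: Dict[str, SourceStats],
                     known_senders: Iterable[str]) -> str:
    """Assumed rule: advance one rung only when every known-legitimate source
    aligns for all of its mail. An unknown failing source is a spoofer and is
    exactly what the next rung is meant to stop, so it does not block advancing."""
    current = published.get("p", "none")
    if current not in LADDER:
        return current
    for ip in known_senders:
        s = per_ip.get(ip)
        if s is not None and s.aligned < s.messages:
            return current                               # a real sender would be hurt; hold
    return LADDER[min(LADDER.index(current) + 1, len(LADDER) - 1)]


def summarize(xml_text: str = SAMPLE_REPORT, known_senders: Iterable[str] = ("192.0.2.10",)):
    """Parse one report and return (published policy, per-IP stats, recommended next p=)."""
    published, per_ip = parse_rua(xml_text)
    return published, per_ip, recommend_policy(published, per_ip, known_senders)


if __name__ == "__main__":
    published, per_ip, nxt = summarize()
    for ip, s in per_ip.items():
        print(f"{ip:16} msgs={s.messages:5} aligned={s.aligned:5} dispositions={s.dispositions}")
    print(f"published p={published['p']}; recommended next step: p={nxt}")
```

Two points worth taking from this: the aligned/unaligned split comes from `policy_evaluated`, not from `auth_results` (a DKIM pass on an unrelated domain is still a DMARC failure), and the decision to move up the ladder hinges on the list of senders you have declared legitimate, which is why the wizard's step-advance history is the evidence a QSA will ask for. Aggregate reports arrive from arbitrary third-party mail receivers, so treat the XML as untrusted input and parse it with defusedxml rather than the stdlib parser when you do this for real.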
Incident response workflow
Per-alert action surface with one-click registrar abuse report, Google Safe Browsing submission, and Cloudflare block requests. Each action is logged with timestamp and operator identity. Evidence: alert lifecycle log from detection to takedown.
Other PCI DSS controls PhishFence supports
Requirement 12.6.3.1 — security awareness covering phishing
PhishFence's lookalike alerts can be cited in your awareness program as real-world examples of attacks targeting your brand.
Requirement 11.5 — intrusion and change detection
DNS, TLS certificate and MX-record changes on lookalike domains are monitored continuously; newly activated infrastructure triggers alerts. In PCI DSS v4.0, 11.4 covers penetration testing; 11.5 is the intrusion-detection and change-detection requirement, and it is written for the cardholder data environment (network intrusions and unexpected changes to critical files). Lookalike monitoring is supporting context for your QSA under 11.5, not a substitute for those in-scope controls.
Requirement 10 — logging and monitoring
All operator actions on monitored domains and alerts are recorded with user, timestamp, source IP, and action detail. The audit log is append-only by convention rather than enforced by a tamper-evidence mechanism; state that distinction plainly if you cite it against 10.3 (protection of audit logs from modification and destruction).
Evidence pack for your QSA
The compliance evidence pack (one click on the dashboard) includes:
- Domain monitoring scope: which domains are protected, since when
- DMARC posture history: timestamped policy transitions per domain
- Alert log: every detection from the audit window with disposition
- Audit trail extract: every operator action with actor + timestamp
- Mapping table: each PCI DSS sub-requirement to the PhishFence evidence that addresses it
Have a PCI 4.0 audit coming up?
Sign up free, monitor your domain in 60 seconds, and have an evidence-ready setup by your QSA's next site visit.
PhishFence is not a Qualified Security Assessor (QSA) and does not perform PCI DSS assessments. We provide controls and evidence; certification of compliance is solely the QSA's role. Statements above describe how PhishFence outputs typically map to PCI DSS 4.0 requirements; your QSA's interpretation governs.