What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls
by Source Defense On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how
Digital Skimming: The New Threat to Your Customers & Brand
People who watched this webinar were also interested in
[Whitepaper] Third Party Digital Supply Chain Risk: Exposing the Shadow Code on Your Web Properties
The modern website has a 3rd party digital supply chain of its own. These partners play a critical role in user experience, in site performance, in analytics and in driving improved conversion rates.
They also introduce security and compliance risks that are too often overlooked when considering 3rd party risk management and adherence to strict data privacy mandates such as GDPR.
If your organization conducts transactions or collects sensitive data online, you need to consider your web properties a critical focal area of 3rd party risk management. If you are bound by compliance programs such as a PCI DSS – you’re now guided to focus on the client-side threat introduced by your digital supply chain.
Other things you might be interested in
Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Health Data Through Web Analytics Configuration
by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare
New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack
Source Defense Research Blog | April 23, 2025 A Familiar Threat Resurfaces in the UK Our Source Defense Research team has uncovered an active Magecart-style
CSP FY: A Magecart Attack That Dodges Policy—and Makes a Joke While Doing It
by Source Defense When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data—they’re mocking your defenses. In a
