CoalFire Provides Guidance on PCI DSS 6.4.3 and 11.6.1

A Holistic Approach to Protecting Credit Card Payment Flows

Guidance from CoalFire on the eSkimming Security requirements found in PCI DSS 4.0 

The most talked about and concerning new requirements in PCI DSS 4.0 fall under sections 6.4.3 and 11.6.1. For the first time, merchants are required to implement security controls to prevent eSkimming attacks. These new requirements require control of all scripts running on merchant eCommerce websites. In this new whitepaper “A Holistic Approach to Protecting Credit Card Payment Flows,” CoalFire chimes in with background on the problem, guidance on scope, advice on how best to secure credit card data in eCommerce transactions, and a review of the Source Defense approach.  

"Coalfire has determined that the Source Defense platform can offer value for proactive and reactive risk management..."

Key Takeaways:

  • Background – Delve into a detailed analysis of the eSkimming threat landscape, understanding the vulnerabilities of modern websites, and the evolution of adversary tactics that elevate the urgency of tackling these challenges.
  • Clarification – remove any ambiguity on scope and get to the heart of what the standard is mandating – protection of payment flows – not just “payment pages”  
  • Guidance – get an honest assessment of various approaches to addressing the eSkimming threat
  • Expanded Thinking – learn how adopting a risk based approach to your PCI DSS compliance requirements can help address broader data privacy compliance requirements  

Download the whitepaper here

Why You Should Download the Full Whitepaper

✔ Gain a Clear Understanding of Scope

CoalFire helps remove any confusion related to the scope of 6.4.3 and 11.6.1 – it is about payment flows! 

✔ Gain an Unbiased Opinion

Hear from one of the most respected names in the PCI DSS Compliance industry on all things eSkimming security. 

✔ Chart a Roadmap for Success

Get guidance from CoalFire on ways to approach the eSkimming security requirements found in 6.4.3 and 11.6.1 

Don’t leave your e-commerce payment security to chance. Get access to the full whitepaper and take the first step towards a more secure online payment process.

About Source Defense

As a PCI Participating Organization and the pioneer in eSkimming security, Source Defense played a role in the development of new requirements for web security found in PCI DSS 4.0.

We’ve helped thousands of the world’s leading brands address these issues. We’ve also been educating merchants, QSAs, PSPs, eCommerce Platform providers and virtually every stakeholder in PCI compliance on the vulnerabilities in modern website design that make eSkimming attacks possible. We’ve made it our misison to provide guidance around ambiguity in the standard; advise on the pros and cons of approaches provided by the council and we recently launched a free assessment, monitoring and management solution for both merchants and their QSAs.