Proven PCI DSS 4.0.1 Compliance, Validated by VikingCloud

A VikingCloud Technical Solution Review for the Payment Card Industry (PCI)

See why VikingCloud, the world’s largest PCI compliance firm, confirmed that Source Defense Protect meets PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1, providing real-time protection against unauthorized scripts and client-side attacks. 

The Compliance Gap That Won’t Go Away

Most organizations have secured their servers but left the browser unguarded. Third- and fourth-party scripts embedded on payment pages still run outside traditional security controls, creating a blind spot for data theft and compliance risk.

PCI DSS 4.0.1 closed that gap by requiring merchants to inventory, authorize, monitor, and protect all scripts on their payment pages. But traditional approaches like CSP and SRI are static, brittle, and operationally heavy.

Independent Validation From VikingCloud

VikingCloud’s April 2024 technical review confirmed that Source Defense Protect provides an effective, behavior-based solution for meeting PCI DSS requirements:

“When configured in ‘Redacted’ or ‘Isolated’ mode, Source Defense Protect was capable of meeting PCI DSS 6.4.3 and 11.6.1.”


The Verizon 2024 Payment Security Report found that over 40% of scripts on payment pages access PII or payment data, underscoring how widespread this risk has become. With PCI DSS 4.0.1 now fully enforceable, merchants must show proof that they control client-side scripts, not just scan for vulnerabilities. Source Defense simplifies compliance by automating what used to take weeks:

  • Inventory and Authorization – Know every script and what it does
  • Integrity and Monitoring – Detect unauthorized changes in real time
  • Behavior-Based Protection – Stop eSkimming, formjacking, and data leakage at the source

Download the White Paper

Get the full VikingCloud Technical Review: Source Defense Protect, Behavior-Based Application Defense for PCI Compliance to see:

  • The lab methodology and test results
  • How behavior-based security compares to CSP
  • Real-world examples of keylogging and supply chain attacks stopped in action

About Source Defense

As a PCI Participating Organization and the pioneer in eSkimming security, Source Defense played a role in the development of new requirements for web security found in PCI DSS 4.0.

We’ve helped thousands of the world’s leading brands address these issues. We’ve also been educating merchants, QSAs, PSPs, eCommerce Platform providers and virtually every stakeholder in PCI compliance on the vulnerabilities in modern website design that make eSkimming attacks possible. We’ve made it our mission to provide guidance around ambiguity in the standard and to advise on the pros and cons of approaches provided by the council, and we recently launched a free assessment, monitoring and management solution for both merchants and their QSAs.
