How Nextiva Fast-Tracked PCI DSS 4.0.1

See how Nextiva closed its eSkimming risk gap and automated PCI DSS 4.0.1 compliance.

Nextiva needed to comply with the new PCI DSS 4.0.1 requirements for payment page scripts while managing a complex web environment with many third- and fourth-party integrations. Like most teams, they had limited visibility into the JavaScript running in the browser and no easy way to demonstrate control over those scripts for requirements 6.4.3 and 11.6.1.

In this case study, you will see how Nextiva used Source Defense to reach full compliance in about a week, automate ongoing monitoring, and reduce eSkimming risk without a large internal project.

What you will learn

After reading the case study, you will learn how Nextiva:
  • Built a complete inventory of third and fourth party scripts on its payment pages
  • Confirmed which scripts were authorized and ensured script integrity for PCI DSS 4.0.1
  • Implemented real time monitoring to detect and block suspicious script behavior
  • Simplified evidence gathering for assessors with a dedicated PCI dashboard
  • Deployed Source Defense with minimal engineering effort and low ongoing maintenance

Use Nextiva’s experience as a practical blueprint to de-risk your own payment pages and take pressure off your PCI DSS 4.0.1 program.

Is this case study for you?

This case study is a strong fit if you are:
  • A CISO, security leader, or PCI owner responsible for online payments
  • A GRC or risk leader tasked with meeting requirements 6.4.3 and 11.6.1
  • An application, infrastructure, or payment engineering lead managing web payment flows
  • Evaluating alternatives to CSP or SRI based approaches for eSkimming security

If you accept card payments online and rely on multiple third- and fourth-party scripts, this story will feel familiar.

Get the Nextiva Case Study

Nextiva results at a glance

In the case study, you will see how Nextiva:
  • Achieved PCI DSS 4.0.1 compliance for requirements 6.4.3 and 11.6.1 in about one week
  • Gained clear visibility into all third and fourth party scripts on payment pages
  • Turned script monitoring and reporting into an automated, low effort process
  • Strengthened protection against eSkimming and JavaScript based data theft
  • Gave assessors a straightforward, evidence backed view of payment page controls

“Complying with Requirements 6.4.3 and 11.6.1 is completely automated thanks to Source Defense. The PCI dashboard provides a clear overview of the compliance status across all of our payment pages.”

What To Expect In The First 30 Days

Source Defense uses a defined onboarding process that moves from discovery to full protection in less than a month.
You can expect:

  • Automatic discovery and scoping of all scripts across your payment flows
  • A custom PCI dashboard with live findings
  • Recommended behavioral policies for each script
  • Quick deployment and validation
  • QSA ready reporting for 6.4.3 and 11.6.1

Many customers complete this cycle in under 30 days.

About Source Defense

As a PCI Participating Organization and the pioneer in eSkimming security, Source Defense played a role in the development of new requirements for web security found in PCI DSS 4.0.

We’ve helped thousands of the world’s leading brands address these issues. We’ve also been educating merchants, QSAs, PSPs, eCommerce platform providers and virtually every stakeholder in PCI compliance on the vulnerabilities in modern website design that make eSkimming attacks possible. We’ve made it our mission to provide guidance around ambiguity in the standard and to advise on the pros and cons of the approaches provided by the council, and we recently launched a free assessment, monitoring and management solution for both merchants and their QSAs.
