PCI 4.0 - Addressing Client Side Security: A QSA Perspective

Protecting Data at the Point of Input

You’re protecting data in transit and data at rest, but criminals have shifted their focus to stealing data at the most sensitive point – the point of input. They are using new techniques to conduct client-side (browser-side) attacks.

The issue is so pronounced that the PCI Council made protecting data at the point of input a focus in PCI DSS 4.0. Sections 6.4.3 and 11.6.1 specifically call for preventative measures to close the security gaps that facilitate client-side attacks.

Join Randy Paszek, Solution Engineer, Office of the CTO for Source Defense, and Bill Nguyen, QSA Associate Manager of Payment for Tevora, for a deep dive into how these attacks occur, a breakdown of the current technical environment surrounding client-side security, and an analysis of the guidance found in 6.4.3 and 11.6.1 that will help you easily get on the path to protecting data at the point of input.

Key takeaways: 

  • Hear from QSAs from Tevora on the updates included in PCI DSS 4.0, specifically 6.4.3 and 11.6.1
  • Gain a complete understanding of client-side attacks and how they operate outside your other web security protections 
  • Understand how criminals are exploiting your own code and your third-party digital supply chain to steal data at the point of input
  • Compare and contrast the available options for addressing client-side attacks 
  • Learn how you can easily address the issue of client-side attacks without adding more work for your security teams 
