PCI DSS 6.4.3 and 11.6.1 Resources

In March 2022, the Payment Card Industry Security Standards Council released a revised version of its Data Security Standard, commonly known as PCI DSS v4.0. In this revised version are two new sections, 6.4.3 and 11.6.1 which offer guidance regarding 3rd, 4th, and nth party JavaScript running on your websites.

PCI Related Blog Posts

PCI DSS Source Defense

PCI DSS v4.0: Protect Data at the Point of Input – 2:00pm EDT

You’re protecting data in transit and data at rest, but criminals have shifted their focus to stealing data at the most sensitive point – the point of input. They are issuing new techniques to conduct client-side (browser side) attacks. The issue is so pronounced that the PCI Council made protecting data at the point of input a focus in PCI DSS 4.0. Sections 6.4.3 and 11.6.1 specifically call for preventative measures to close the security gaps that facilitate client-side attacks.

Read More »
PCI DSS Source Defense

PCI DSS v4.0: Protect Data at the Point of Input 9:00am EDT

You’re protecting data in transit and data at rest, but criminals have shifted their focus to stealing data at the most sensitive point – the point of input. They are issuing new techniques to conduct client-side (browser side) attacks. The issue is so pronounced that the PCI Council made protecting data at the point of input a focus in PCI DSS 4.0. Sections 6.4.3 and 11.6.1 specifically call for preventative measures to close the security gaps that facilitate client-side attacks.

Read More »

The Essential Guide to PCI DSS 6.4.3 and 11.6.1

Essential Guide to PCI DSS 6.4.3 and 11.6.1PCI has given serious thought to payment page guidance in DSS v4.0. New sections including 6.4.3 and 11.6.1 indicate the seriousness of this problem.

Every security practitioner responsible for a public-facing website that accepts payments should inform themselves thoroughly of the implications of this change.

These guidelines inform organizations of the necessity to make changes now. In this guide, we dive deep into PCI DSS v.4.0 and specifically:

  • New guidance, PCI 6.4.3 and 11.6.1
  • The solutions to addressing this new guidance
  • The role of proprietary script or tag-management systems
  • Why PCI made these updates in the first place

Download the Guide

Scroll