
Payment Card Industry Data Security Standard
PCI DSS v4.0 6.4.3 and 11.6.1 Resources
In March 2022, the Payment Card Industry Security Standards Council released a revised version of its Data Security Standard, commonly known as PCI DSS v4.0. The revised version contains two new sections, 6.4.3 and 11.6.1, which offer guidance regarding 3rd, 4th, and nth party JavaScript running on your websites.
The articles, video and downloadable guide below are for anybody in the PCI DSS industry who focuses on PCI DSS security and compliance, and can be used as a resource by Qualified Security Assessors (QSAs) who want to learn more about staying PCI compliant.
PCI Related Blog Posts & Webinars


[Webinar] 5 Reasons to Act on PCI 4.0 Now
The PCI Council made protecting data at the point of input a focus in PCI DSS 4.0. Sections 6.4.3 and 11.6.1 specifically call for preventative measures to close the security gaps that facilitate client-side attacks.

[Recording] PCI 4.0 Addressing Client Side Security: A QSA Perspective
Digital skimming, formjacking, e-Skimming, Magecart – these are all methods used to steal credit card data and PII from transaction-oriented websites. What should QSAs know?

Webinar – A Primer on Client-Side Security
The PCI Council made protecting data at the point of input a focus in PCI DSS 4.0. Sections 6.4.3 and 11.6.1 specifically call for preventative measures to close the security gaps that facilitate client-side attacks.

Your Digital User Experience is Great. But Could it Cost You Millions?
The shift online, with all of its benefits to businesses and consumers, also introduces serious risks to your business. As someone involved in the business side of digital, you need to understand these risks.

[Recording] A Primer on Client side Security PCI QSA Webinar
Digital skimming, formjacking, e-Skimming, Magecart – these are all methods used to steal credit card data and PII from transaction-oriented websites. What should QSAs know?


Responding to PCI 11.6.1: When Do I Need to Know if Something Has Changed On My Payment Page?
We’re taking a closer look at PCI 11.6.1, what it entails, and how you can enhance your security strategy to meet this new guidance.
The Essential Guide to PCI DSS 6.4.3 and 11.6.1

Every security practitioner responsible for a public-facing website that accepts payments should inform themselves thoroughly of the implications of this change.
These guidelines inform organizations of the necessity to make changes now. In this guide, we dive deep into PCI DSS v4.0 and specifically:
- New guidance, PCI 6.4.3 and 11.6.1
- The solutions for addressing this new guidance
- The role of proprietary script or tag-management systems
- Why PCI made these updates in the first place