Payment Card Industry Data Security Standard

PCI DSS v4.0 6.4.3 and 11.6.1 Resources

In March 2022, the Payment Card Industry Security Standards Council released a revised version of its Data Security Standard, commonly known as PCI DSS v4.0. This revised version contains two new sections, 6.4.3 and 11.6.1, which offer guidance regarding 3rd, 4th, and nth party JavaScript running on your websites.

The articles, video and downloadable guide below are for anybody in the PCI DSS industry who focuses on PCI DSS security and compliance, and can be used as a resource by Qualified Security Assessors (QSAs) who want to learn more about staying PCI compliant.

PCI Related Blog Posts & Webinars

[Recording] PCI Dream Team Roundtable

Source Defense gathered hundreds of the world’s largest merchants, Payment Service Providers, QSACs and Card Associations to hear from a prominent group of leading thinkers in compliance and data security standards to deliberate the forthcoming tides of transformation encapsulated in PCI DSS version 4.0.


[Recording] Kick Starting PCI DSS 4.0

eSkimming is a growing threat to businesses of all sizes. This type of attack involves injecting malicious code into a website to steal credit card data as it is entered by customers. eSkimming attacks can be difficult to detect and prevent, but there are a number of steps that businesses can take to protect themselves.

PCI DSS Freemium Tool from Source Defense

Our Gift to the Community – FREE Platform for addressing the web security requirements in PCI DSS 4.0

Some things in security and compliance should be easy. Furthermore, if we truly want to fulfill our collective mission of protecting the world’s organizations and the customers they serve from harm, some things should also be given to the community for FREE. That’s why I’m immensely proud to announce the launch of a FREE PCI DSS 4.0 Compliance Support Solution. The solution is immediately available for the millions of merchants who need to comply with PCI DSS as well as the QSAs that serve them. 


[Recording] PCI DSS 4.0 – Close the eSkimming Gap

Digital Skimming and Magecart attacks are the new favorite method of credit card data and PII theft for cyber criminals. Stopping these attacks will require a new way of thinking for eCommerce, Security and Compliance teams. A solution to the problem is easy, cost-effective, rapid, and comes without adding additional workloads to already overworked teams.


[Recording] Digital Skimming: The New Threat to Your Customers and Brand

Digital Skimming and Magecart attacks are the new favorite method of credit card data and PII theft for cyber criminals. Stopping these attacks will require a new way of thinking for eCommerce, Security and Compliance teams. A solution to the problem is easy, cost-effective, rapid, and comes without adding additional workloads to already overworked teams.


The Essential Guide to PCI DSS 6.4.3 and 11.6.1

The Payment Card Industry (PCI) has given serious thought to payment page guidance in DSS v4.0. New sections including 6.4.3 and 11.6.1 indicate the seriousness of this problem.

Every security practitioner responsible for a public-facing website that accepts payments should inform themselves thoroughly of the implications of this change.

These guidelines inform organizations of the necessity to make changes now. In this guide, we dive deep into PCI DSS v4.0 and specifically:

  • New guidance, PCI 6.4.3 and 11.6.1
  • The solutions to addressing this new guidance
  • The role of proprietary script or tag-management systems
  • Why PCI made these updates in the first place
