Guidance from Coalfire on the eSkimming security requirements found in PCI DSS 4.0.
The most talked-about and concerning new requirements in PCI DSS 4.0 fall under sections 6.4.3 and 11.6.1. For the first time, merchants are required to implement security controls to prevent eSkimming attacks. These requirements mandate control of all scripts running on merchant eCommerce websites.
In this new whitepaper, “A Holistic Approach to Protecting Credit Card Payment Flows,” Coalfire chimes in with background on the problem, guidance on scope, advice on how best to secure credit card data in eCommerce transactions, and a review of the Source Defense approach.