By Source Defense

Last week, Source Defense gathered hundreds of the world’s largest merchants, Payment Service Providers, QSACs and Card Associations to hear a prominent group of leading thinkers in compliance and data security standards discuss the upcoming deadline and the changes in PCI DSS 4.0.

The resounding advice?

Don't wait till the last minute. Start looking at this now!

These seasoned professionals, authors of “The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management,” answered audience questions centered around the revamped guidelines.

“We started talking about 6.4.3 and 11.6.1, and both requirements can be met with a Content Security Policy. Now, that gets you compliance. Does that get you security? Maybe not,” he said. “People forget that when your website gets hacked, and that redirect or iframe starts going somewhere it shouldn’t, that’s not on the payment processor. That’s on the merchant. I can’t tell you how many people I’ve encountered who didn’t know they could be breached that way.”

For more thoughts on why you should avoid CSP as an approach, check out this Solution Cheat Sheet from Source Defense.

The narrative of PCI DSS compliance is at an inflection point, requiring foresight and resilience. Organizations must recognize and seize upon the potential for reinforced trust and unassailable security. The journey toward PCI DSS version 4.0 is a collective obligation that, approached strategically, can elevate industry standards, fortify defense mechanisms, and chart a course toward a safer, more secure digital future.

Source Defense is happy to help you chart that course – we have a number of resources available to you NOW that can help you get moving and close these gaps with virtually no effort.

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.