By Ross Hogan

Some things in security and compliance should be easy. Furthermore, if we truly want to fulfill our collective mission of protecting the world’s organizations and the customers they serve from harm, some things should also be given to the community for FREE. That’s why I’m immensely proud to announce the launch of a FREE PCI DSS 4.0 Compliance Support Solution. The solution is immediately available for the millions of merchants who need to comply with PCI DSS as well as the QSAs that serve them. 

Designed to make the new, complex web security requirements in PCI DSS 4.0 simple and easy to assess, manage, and monitor, this new Source Defense platform not only addresses the requirements found in 6.4.3 and 11.6.1, it also helps close the door on the leading vector of attack for web-based data theft. For further immediate benefit, it also augments ongoing compliance processes like vulnerability assessment and pentesting with “click-of-a-button” report exports containing critical information otherwise inaccessible to compliance or security teams.

The specific changes in PCI DSS 4.0 mentioned above (6.4.3 & 11.6.1) address a growing problem related to both leakage and theft of data that threatens 97% of the websites around the world. They come in direct response to the prolonged and growing threat of data theft through eSkimming/digital skimming and Magecart attacks. These attacks target websites collecting sensitive information, PII, and credit card data by hijacking the 3rd party website supply chain – the dozens of partners used to power the modern website experience. Their client-side code (delivered in EVERY web session) is entirely unmanaged and unprotected by your current security efforts. This code often accesses information that is privacy protected and is far too often hijacked by cybercriminals. Too many website owners remain unaware of the normal and potentially malicious behavior these partners introduce in every web session – we, along with the PCI Council, aim to change that.

Visa recently sounded alarm bells on this threat – reporting a whopping 176% spike in eSkimming attacks. On the data leakage front, high-profile lawsuits relating to 3rd party access to sensitive data (leakage of data when no attack is present) have also rocked the news.

Our response? A give to the security and compliance communities that helps address the majority of these new requirements under PCI DSS 4.0 and, in the process, advances security and data privacy postures.

What Does this FREE Platform Do? 

As the pioneer in client-side security, Source Defense has long focused on delivering security solutions that don’t add additional burden to security teams. We’ve carried that core focus forward with this FREE solution. Merchants and QSAs registering for this new platform will get all of this, out of the box, and with virtually no strain on already strained security and compliance operations:

  • Inventory: get an inventory of every script running on website payment pages, including a method for monitoring and tracking additions (required under 6.4.3)
  • Justification: gain the ability to seek, document and manage justification of any scripts on website payment pages (required under 6.4.3)
  • Integrity Monitoring: address the stringent requirement for weekly integrity monitoring of HTTPS headers and scripts found on website payment pages
  • Alerting: alert on suspicious and malicious activity found on website payment pages (required under 11.6.1)
  • Blocking: feed alerts to your security team or automatically block all suspicious and malicious activity by upgrading (required under 11.6.1)
  • Reporting: easily integrate findings into the broader set of PCI compliance processes that you manage on a monthly, quarterly and yearly basis 

Where will your organization be in its compliance journey when the Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 goes into effect? Register today and the answer will be – a lot farther along and far more secure. 


We are a mission-driven organization that strives to ensure data privacy for the online community so that everyone can enjoy worry-free commerce and communications. It is this dedication that I most admired as a founding team member of Source Defense and what inspired me to return as the new CEO. Our clients love our technology because it makes the complex simple and is one of the only things in security that can truly be described as ‘set it and forget it.’ 

I invite all merchants and the QSAs that support them to join the Source Defense community by taking advantage of this free offering. Get moving. REGISTER TODAY!!! Ask us for advice. Lean on us to help drive your security forward. Our team stands ready to help.
