Mastercard Start Path Selects Source Defense to Combat eSkimming Across the Globe

by Source Defense

Source Defense Joins Prestigious Mastercard Start Path Program

We are proud to announce that Source Defense has been selected to join Mastercard’s Start Path Security Solutions program as we continue on our mission to combat the global eSkimming threat. As a participant in the competitive Mastercard Start Path program, Source Defense has the opportunity to work hand-in-hand with Mastercard to drive ecosystem wide visibility into this critical area of third-party risk, bring solutions rapidly to market, and combat this significant area of payments fraud.

eSkimming is recognized as one of the biggest areas of fraud confronting card brands, merchant acquirers, merchants and the consumers they serve. It has become a critical compliance priority in Payment Card Industry Data Security Standard (PCI DSS) and a core focal area of Mastercard’s vision to combat fraud and foster trust in online commerce.

Mastercard selected Source Defense given our pioneering position and market leadership in eSkimming security. Our companies align in both mission and vision – seeking to detect and combat fraud while delivering consumer confidence and transparency across the global eCommerce ecosystem.

The Source Defense Difference

Mastercard Start Path is a competitive startup engagement program providing global support for innovative fintechs. Source Defense was handpicked to participate in Start Path based on our demonstrated market leadership, our advanced product capabilities and our focus on constant innovation at the intersection of security and commerce.

Source Defense was the first to recognize the shifting cyber-crime threat landscape in 2016 – understanding that the digital supply chain that powers the modern website was overlooked in third-party risk management, left unaddressed by traditional web security technologies, and was soon to be a primary target of adversaries around the globe. Bringing the first eSkimming solution to market, the company singlehandedly created the category of client-side security and has been driving understanding, focus on, and solutions to the threat ever since.

Source Defense has played an integral role in combatting eSkimming for the past decade – assisting in the development of eSkimming compliance requirements found in PCI DSS 4.01 and working hand in hand with the PCI Council as both a Principal Participating Organization and member of the PCI Board of Advisors. Most importantly, Source Defense is the market leader in eSkimming prevention – securing the backbone of the global eCommerce payments ecosystem through its relationships with card brands, merchant acquirers, payment service providers, merchants and QSAs around the world.

Today we protect more than 1,000 of the world’s most recognized brands, countless other medium and large sized enterprises, and our platform is trusted by leading QSAC firms including Coalfire and VikingCloud.

This partnership provides an opportunity for Source Defense to extend its eSkimming security reach even farther and reflects a shared commitment to strengthening the digital payments ecosystem through modern, scalable security controls.

Our Unique Approach: Behavior-Based Protection and Continuous Security Evolution

Most legacy approaches to eSkimming risk rely on static controls such as Content Security Policy (CSP) or Subresource Integrity (SRI). While helpful in limited contexts, these controls struggle in dynamic environments and cannot reliably prevent sophisticated runtime attacks.

Source Defense is trusted around the globe as the security solution of choice for eCommerce because of our unique product vision:

  • We offer the strongest protection possible against eSkimming through our patented behavioral-based approach to digital supply chain management
  • Our solutions deliver the strongest return on investment and lowest cost of ownership through a deliberate focus on ease of use and ‘set-it-and-forget-it’ design
  • We stop eSkimming attacks dead in their tracks but collect unparalleled data from failed attacks – providing feature rich, actionable threat intelligence
  • Our solutions are designed with compliance management in mind, providing one click compliance controls and compliance reporting capabilities

Our solutions take a fundamentally different approach to the problem:

  • Real-time JavaScript sandboxing that isolates third- and fourth-party scripts in the browser
  • Behavior-based policies that control what scripts are allowed to read, write, or transmit
  • Automatic script inventory and authorization workflows
  • Continuous change detection aligned to PCI DSS 4.0.1 (6.4.3 and 11.6.1)
  • Proactive blocking of unauthorized data access before exfiltration occurs

Our selection into Mastercard Start Path comes at a time when eSkimming attacks are evolving rapidly.

In our 2025 eSkimming Landscape Report, we documented more than 90 distinct campaigns targeting thousands of e-commerce sites globally. Attackers systematically abused trusted platforms such as Google Tag Manager and cloud services, deployed double-entry overlays to bypass iframe protections, and used silent skimming techniques to evade static controls. Techniques are advancing at a rapid pace and our commitment to continuous threat research enables us to evolve our solutions to combat those advances at every turn.

Turning Security into Ecosystem Strength

“Digital commerce depends on trust,” said Ross Hogan, CEO of Source Defense. “Mastercard understands that protecting consumer data requires more than perimeter controls. eSkimming security is now central to detecting and combating fraud at scale. We are honored to work alongside Mastercard to strengthen transparency, confidence, and protection across the global eCommerce ecosystem.”

Mastercard Start Path brings together innovative companies committed to enhancing security and trust across digital interactions. We are proud to contribute our expertise in:

  • eSkimming and Client-side fraud prevention
  • Payment flow integrity
  • Digital supply chain visibility
  • PCI DSS 4.0.1 enablement

Together, we aim to reduce systemic risk in online commerce and elevate the security baseline for merchants, acquirers, payment service providers, and consumers worldwide.

A Clarion Call – Join Us

If you are a:

  • Merchant managing complex digital experiences
  • Merchant Acquirer responsible for portfolio-wide risk
  • Payment Service Provider embedding payment functionality
  • Qualified Security Assessor guiding clients through PCI DSS 4.0.1

We invite you to engage with us and see firsthand why Mastercard selected Source Defense for its Start Path program.

The eSkimming threat is real and growing. The compliance mandate is clear. Consumer trust is earned through proactive protection.

Engage with us today – we stand at the ready to help.

Related Posts:

New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS
The CSP and SRI Illusion: Why They Don’t Stop eSkimming
Revenue Risk Hidden in Fly by Night New eSkimming Tools

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.

Download the Guide
Scroll
Source Defense
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.