www.humansecurity.com
2606:2c40::c73c:671d
Public Scan
Submitted URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGPxYTm5An8ij5YY605Wlb3FVttFJztlAd8p5Cx5lqYettqh0BmZ_O8T5tHauqRq95TUwIhlH8=
Effective URL: https://www.humansecurity.com/learn/blog/how-pci-dss-v4.0-is-changing-payment-data-security?utm_source=marketo&utm_medium=emai...
Submission Tags: falconsandbox
Submission: On December 01 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
GET https://www.humansecurity.com/hs-search-results
<form class="menu-search" action="https://www.humansecurity.com/hs-search-results" method="GET">
<input name="term" placeholder="Search">
<input type="hidden" name="type" value="SITE_PAGE">
<input type="hidden" name="type" value="BLOG_POST">
<input type="hidden" name="type" value="LISTING_PAGE">
<button></button>
</form>
Text Content
HUMAN Blog

HOW PCI DSS V4.0 IS CHANGING PAYMENT DATA SECURITY

By Shaul Badusa, Manager, Code Defender
Jun 7, 2023
Data, Code Defender, Compliance

Many organizations that accept payment cards, either in-person or online, are required to meet a specific set of security standards to protect that sensitive information. These standards—named Payment Card Industry Data Security Standard, or PCI-DSS—are updated periodically to reflect new technologies and new understandings of data security.

The most recent version of the standard, Version 4.0, was introduced in March 2022. For the moment, two different versions are “active”: the aforementioned v4.0 and its predecessor, v3.2.1, with the older standard scheduled to phase out by the end of March 2024. With that timeline in mind, credit card companies and vendors who conduct credit card transactions have until March 2025 to demonstrate compliance with v4.0.

This timeline is crucial, as failure on the part of a credit card processor to comply with PCI-DSS may result in reputation damage and rejection by credit card companies for processing payments. Therefore, it is imperative for companies to implement appropriate security measures to safeguard payment card information well before new compliance requirements go into effect.

Adhering to the new version of PCI-DSS is required for organizations to:

* Protect their customers’ data and their own reputation
* Continue to accept credit card payments
* Avoid fines, losses due to fraud, and loss of insurance
* Demonstrate to other companies, especially merchant banks and card brands, that they are secure and trustworthy.

As a result, the customers of compliant organizations are better protected from fraud, identity theft, personal information leakage, and other malicious activities. Needless to say, every organization that handles payment card information is taking this update very seriously.

ON THE CLIENT SIDE

One of the new requirements for organizations is to keep an inventory of all running scripts, authorize each script (with justifications for why), verify their behavioral integrity, and occasionally conduct risk ranking and vulnerability checks. In addition, there is a new requirement for HTTP header tampering protection for all scripts and resources loaded into the website, which necessitates a system to track the current status and notify of any changes.

The PCI-DSS council recognizes the importance of client-side protection due to the emergence of various attack surfaces in recent years that target the code executed on an end user's device. Supply-chain attacks serve as a prime example of such threats, exploiting the fact that many client-side scripts are loaded from external servers beyond the organization’s control. Common examples of components that are typically hosted on vendor servers instead of organization servers include analytic vendors, ads, and UI/UX components.

SOLVING THE COMPLIANCE PROBLEM

When a standard demands specific domain knowledge—such as client-side protection—organizations often choose to use third-party tools to meet their needs. There are, for example, scanner-based options that periodically scan the website for vulnerabilities. Another option is checks and tests of the static code itself.

However, given the security considerations and modern web architecture, relying solely on these methods may not provide the complete picture and could be vulnerable to malicious activities that bypass those check mechanisms easily. A script could be modified and cause significant harm to a business and its reputation between deployment and detection, if the detection process is only carried out weekly or monthly. In other cases, even if a script is in place just before the scan, it may not run while the scanner performs a check.
This is a common occurrence when dealing with web security, as some scripts are specifically designed to identify and evade scanning tools.

Another possible solution is to use tools that rely on real-time traffic. Given the dynamic nature of third-party script updates and their critical role in many organizations, it's essential to have a client-side protection solution that can continuously monitor script behavior, detect any tampering with the script (including headers and all resources), and provide website owners with visibility into the actions of these scripts. By performing detection on the actual website's traffic, a more comprehensive solution can be achieved while ensuring compliance and providing the necessary visibility to website owners.

Using this continuous approach can help strike a balance between development effort, hosting costs, security concerns, and regulatory requirements. This ensures that the website remains operational while maintaining the necessary security measures to prevent data breaches and leaks.

Similar to a WAF, such a tool should enable customers to set policies to enforce and receive notifications of any suspicious activities that do not comply with the policy rules. Additionally, the tool must be capable of reacting in real-time to such suspicious activities—either by mitigating or investigating them—to keep the website protected and functioning properly.

CLIENT-SIDE DEFENSE: THE SOLUTION FOR PCI DSS COMPLIANCE

HUMAN Client-side Defense for PCI DSS Compliance offers a robust client-side protection solution that addresses the requirements of the new PCI-DSS version. The solution is designed to meet the new standard requirements, providing script inventory, authorization, and justification; audit trail records; and real-time notification and mitigation of potential risks. Client-side Defense can establish policies, enforce them, and mitigate any risks in real-time with minimal to no effect on site functionality.
Its intelligent detection system is continuously updated to keep pace with emerging threats and vulnerabilities, ensuring that clients are always protected against novel and evolving risks.

Client-side Defense provides customers with comprehensive visibility and control over their website scripts. This empowers organizations to make informed decisions about their website security, with detailed information on script actions, associated risks, script origin, and any new changes and updates introduced into third-party scripts.

The new PCI-DSS requirements represent a significant shift in the way companies approach payment card data security. Currently, especially when dealing with third-party scripts, client-side applications are the only location where production code runs without control or visibility. The inclusion of client-side protection solutions means that companies must take a more comprehensive approach to security, considering both server-side and client-side threats.

Fortunately, solutions such as Client-side Defense are readily available to assist companies in meeting these new demands and ensuring complete protection of payment card data. Companies that wish to remain proactive in this regard should initiate the integration of such solutions into their websites without delay.