Submitted URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGPxYTm5An8ij5YY605Wlb3FVttFJztlAd8p5Cx5lqYettqh0BmZ_O8T5tHauqRq95TUwIhlH8=
Effective URL: https://www.humansecurity.com/learn/blog/how-pci-dss-v4.0-is-changing-payment-data-security?utm_source=marketo&utm_medium=emai...
Submission Tags: falconsandbox
Submission: On December 01 via api from US — Scanned from DE

HOW PCI DSS V4.0 IS CHANGING PAYMENT DATA SECURITY

By Shaul Badusa, Manager, Code Defender
Jun 7, 2023
Data, Code Defender, Compliance

Many organizations that accept payment cards, either in-person or online, are
required to meet a specific set of security standards to protect that sensitive
information. These standards—named Payment Card Industry Data Security Standard,
or PCI-DSS—are updated periodically to reflect new technologies and new
understandings of data security.

The most recent version of the standard, Version 4.0, was introduced in March
2022. For the moment, two different versions are “active”: the aforementioned
v4.0 and its predecessor, v3.2.1, with the older standard scheduled to phase out
by the end of March 2024. With that timeline in mind, credit card companies and
vendors who conduct credit card transactions have until March 2025 to
demonstrate compliance with v4.0.



This timeline is crucial, as failure on the part of a credit card processor to
comply with PCI-DSS may result in reputational damage and rejection by credit
card companies for processing payments. Therefore, it is imperative for
companies to implement appropriate security measures to safeguard payment card
information well before the new compliance requirements go into effect.

Adhering to the new version of PCI-DSS is required for organizations to:

 * Protect their customers’ data and their own reputation
 * Continue to accept credit card payments
 * Avoid fines, losses due to fraud, and loss of insurance
 * Demonstrate to other companies, especially merchant banks and card brands,
   that they are secure and trustworthy.

As a result, the customers of compliant organizations are better protected from
fraud, identity theft, personal information leakage, and other malicious
activities.

Needless to say, every organization that handles payment card information is
taking this update very seriously.


ON THE CLIENT SIDE

One of the new requirements is to keep an inventory of all scripts running on
the page, authorize each script (with a written justification for why it is
needed), verify its behavioral integrity, and periodically conduct risk ranking
and vulnerability checks. In addition, there is a new requirement for tamper
detection on the HTTP headers and on all scripts and resources loaded into the
website, which necessitates a system that tracks their current state and raises
a notification on any change.

The PCI-DSS council recognizes the importance of client-side protection because
of the attack surfaces that have emerged in recent years targeting the code
executed on an end user's device. Supply-chain attacks are a prime example of
such threats: they exploit the fact that many client-side scripts are loaded
from external servers beyond the organization's control. Common examples of
components typically hosted on vendor servers rather than the organization's own
servers include analytics vendors' tags, ads, and UI/UX components.


SOLVING THE COMPLIANCE PROBLEM

When a standard demands specific domain knowledge—such as client-side
protection—organizations often choose to use third-party tools to meet their
needs.

There are, for example, scanner-based options that periodically scan the website
for vulnerabilities. Another option is checks and tests of the static code
itself. However, given the security considerations and modern web architecture,
relying solely on these methods may not provide the complete picture, and
malicious activity can easily bypass such check mechanisms. If detection runs
only weekly or monthly, a script could be modified and cause significant harm
to a business and its reputation in the window between deployment and
detection.

In other cases, even if a script is in place just before the scan, it may not
run while the scanner performs its check. This is a common occurrence in web
security, as some scripts are specifically designed to identify and evade
scanning tools.

Another possible solution is to use tools that rely on real-time traffic. Given
the dynamic nature of third-party script updates and their critical role in many
organizations, it's essential to have a client-side protection solution that can
continuously monitor script behavior, detect any tampering with the script
(including headers and all resources), and provide website owners with
visibility into the actions of these scripts. By performing detection on the
actual website's traffic, a more comprehensive solution can be achieved while
ensuring compliance and providing the necessary visibility to website owners.

Using this continuous approach can help strike a balance between development
effort, hosting costs, security concerns, and regulatory requirements.

This ensures that the website remains operational while maintaining the
necessary security measures to prevent data breaches and leaks. Similar to a
WAF, such a tool should enable customers to set policies to enforce and receive
notifications of any suspicious activities that do not comply with the policy
rules. Additionally, the tool must be capable of reacting in real-time to such
suspicious activities—either by mitigating or investigating them—to keep the
website protected and functioning properly.


CLIENT-SIDE DEFENSE: THE SOLUTION FOR PCI DSS COMPLIANCE

HUMAN Client-side Defense for PCI DSS Compliance offers a robust client-side
protection solution that addresses the requirements of the new PCI-DSS version.
The solution is designed to meet the new standard requirements, providing script
inventory, authorization, and justification; audit trail records; and real-time
notification and mitigation of potential risks.



Client-side Defense can establish policies, enforce them, and mitigate any risks
in real time with minimal to no effect on site functionality. Its intelligent
detection system is continuously updated to keep pace with emerging threats and
vulnerabilities, ensuring that clients are always protected against novel and
evolving risks.

Client-side Defense provides customers with comprehensive visibility and control
over their website scripts. This empowers organizations to make informed
decisions about their website security, with detailed information on script
actions, associated risks, script origin, and any new changes and updates
introduced into third-party scripts.



The new PCI-DSS requirements represent a significant shift in the way companies
approach payment card data security. Currently, especially when dealing with
third-party scripts, client-side applications are the only location where
production code runs without control or visibility.

The inclusion of client-side protection solutions means that companies must take
a more comprehensive approach to security, considering both server-side and
client-side threats. Fortunately, solutions such as Client-side Defense are
readily available to assist companies in meeting these new demands and ensuring
complete protection of payment card data. Companies that wish to remain
proactive in this regard should initiate the integration of such solutions into
their websites without delay.
