Jscrambler Delivers Comprehensive Approach to Payment Page Security and PCI DSS v4 Requirements According to Coalfire

Porto, Portugal

JUNE 11, 2024

Jscrambler, the pioneering platform for client-side protection, today announced new independent research titled “Jscrambler: A Comprehensive Approach to Payment Page Security & PCI DSS v4.0 Requirements 6.4.3 & 11.6.1” Conducted by industry-leading cybersecurity services company and PCI Qualified Security Assessor (QSA), Coalfire, the assessment details the Jscrambler platform and how it helps businesses adhere to regulatory requirements, industry best practices, and broader cybersecurity frameworks and compliance standards, such as PCI DSS v4

The widespread adoption of first- and third-party JavaScript has made client-side environments significantly more vulnerable to attack and prompted groups such as the PCI Security Standards Council (PCI SSC) to establish data security protocols for secure global payments. This includes PCI DSS v4, an updated set of guidelines and requirements focusing on payment pages to ensure that cardholder data is handled, stored, and transmitted securely during payment card transactions.

PCI DSS v4 features new rules for how JavaScript should be handled on payment pages to prevent skimming attacks.

In this independent research assessment, Coalfire examined the Jscrambler platform for its alignment with specific PCI DSS requirements, including 6.4.3 and 11.6.1. According to the report, “Coalfire found that it can be effective in its ability to assist organizations in meeting these requirements set forth by the PCI SSC. The Jscrambler platform is capable of streamlining the effort required to establish the effective application of controls and to lower the overall effort required to demonstrate and maintain compliance. Its capabilities can assist in the reduction of operational stress on the required risk management teams and associated information technology staff to support the cybersecurity program, workloads, and business operations.”

The research also states that “the combination of Jscrambler's comprehensive first and third-party JavaScript protection, JavaScript obfuscation and fine-grained tag behavior controls, hardened agent, and managed expertise working on client-side security are all examples of capabilities in support of its effectiveness.”

“Visa's Spring 2023 Biannual Threats Report reported that digital skimming attacks targeting e-commerce sites increased by 174% in the last half of 2022 alone. The analysis from Coalfire is a testament to the capabilities of our unified client-side protection and compliance platform, which provides payment page script discovery, authorization, detection, and alerting. It’s through these insights that merchants can easily comply with the new requirements introduced in PCI DSS v4.0 while mitigating security threats targeting payments pages such as digital skimming, Formjacking, Magecart Attacks, and more,” said Rui Ribeiro, CEO & Co-Founder of Jscrambler.

To learn more, register here to attend the webinar, "Coalfire reviews the Jscrambler platform in meeting PCI DSS requirements 6.4.3 and 11.6.1”. This webinar will review Coalfire’s analysis of the Jscrambler platform and how it enables businesses to comply with key requirements that elevate security and compliance benchmarks, particularly focusing on managing and monitoring scripts on payment pages. 

• Date & Time: June 13, 2024 at 11 am ET

• Participants: Michael Burke, Principal Consultant, Payments and Cloud Advisory at Coalfire; Jeffrey Cleveland, Technical Engineer at Jscrambler

Access the complete “Jscrambler: A Comprehensive Approach to Payment Page Security & PCI DSS v4.0 Requirements 6.4.3 & 11.6.1” report.

About Coalfire

Coalfire, headquartered in Denver, Colorado, is a global services and solutions company that specializes in cyber advisory, assessment, and security.

The company also develops cutting-edge technology platforms that automate defenses against security threats for the world's leading enterprises, cloud providers, and SaaS companies. Coalfire is the foremost provider of FedRAMP compliance assessments and penetration testing services in the United States.

About Jscrambler

Jscrambler is the leader in Client-Side Protection and Compliance. Jscrambler is the first to merge advanced polymorphic JavaScript obfuscation with fine-grained third-party tag protection in a unified Client-Side Protection and Compliance Platform.

Jscrambler’s integrated solution ensures a robust defense against current and emerging client-side cyber threats, data leaks, misconfigurations, and IP theft, empowering software development and digital teams to securely innovate online with JavaScript. Jscrambler’s Code Integrity product safeguards first-party JavaScript through state-of-the-art obfuscation and exclusive runtime protection. Jscrambler’s Webpage Integrity product mitigates threats and risks posed by third-party tags, all while ensuring compliance with the new PCI DSS v4 standard.

With Jscrambler, businesses adopt a unified, future-proof client-side security policy, all while achieving compliance with emerging security standards.  Jscrambler serves a diverse range of customers, including top Fortune 500 companies, online retailers, airlines, media outlets, and financial services firms whose success depends on safely engaging with their customers online.