Jscrambler PCI DSS News

Jscrambler launches free tool for faster compliance with new PCI anti-skimming requirements

June 27th, 2023 | By Jscrambler | 6 min read

Jscrambler is announcing the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0).

This free assessment tool provides organizations of all sizes with clarity and simple compliance coupled with proactive security measures to prevent web skimming and Magecart attacks. Jscrambler is a PCI Security Standards Council Principal Participating Organization, and Pedro Fortuna, Jscrambler’s CTO, and co-founder, was recently elected a member of the PCI SSC Board of Advisors.  

Faster compliance with PCI anti-skimming requirements

Our team of JavaScript experts has worked to create a solution that will directly ensure compliance with requirements 6.4.3 and 11.6.1 of PCI DSS v4.0. With the new PCI DSS v4.0 requirements already in the public domain, organizations need to prioritize this transition while simultaneously adopting proactive measures to protect their customer’s payment card information.

Although the new requirements in PCI DSS are not mandatory until April 2025, they are indicated as “best practices” until this date. Combining the trifecta of technology, people, and processes, Jscrambler’s solution provides teams with the flexibility and agility they require to meet these deadlines without compromising other priorities.

To meet the new anti-skimming requirements of PCI DSS v4.0, which include ensuring script integrity, maintaining an up-to-date inventory of payment/parent pages’ scripts, and alerts for any tampering attempts, Jscrambler’s new tool offers advanced visibility to easily monitor and authorize vendors and scripts, while providing effortless and detailed reporting logs to demonstrate compliance to PCI Security Assessors (ISAs and QSAs) and internal compliance teams.

Web skimming attacks continue to plague organizations that have an e-commerce store, with attackers launching campaigns to hit as many targets as possible by injecting malicious code into websites via third-party providers. Jscrambler’s research about Defcon skimming has shown that in recent months, the modus operandi of three of the most prolific cybercriminal groups has evolved as they seek more innovative ways to compromise targets. As a result, if successful, these attacks can go undetected for months, potentially resulting in reputational damage and heavy fines.

Working with Jscrambler to accelerate Security Compliance Issues

Working with Jscrambler, organizations get peace of mind as security teams can configure and manage multiple websites and payment pages in one place, further streamlining compliance visibility and reporting.

To stay one step ahead, and ensure that organizations maintain a secure environment, teams can react promptly due to immediate alerts on any modifications to HTTP headers, integrity breaches, or the addition of new vendors. 

Pedro Fortuna comments that:

"With all organizations across the globe that take online payments needing to be fully compliant with the new PCI DSS v4.0 requirements by early 2025, it is imperative that they take action now to identify where any gaps in their security defenses are and take proactive steps to mitigate them. This is no small undertaking for any organization, however, with the release of this tool, backed up by the first-hand expertise of our team in JavaScript, and our experience in dealing with application security challenges in the payment industry, we are empowering organizations to make informed decisions and giving them unparalleled control over data protection."

"Jscrambler is a trusted partner for businesses working to secure payment card data and to achieve PCI DSS compliance. Jscrambler’s resources allow organizations of all sizes to ensure client-side security is constantly safeguarded, effectively protecting organizations and their customers" says John Elliott, Jscrambler Advisor and one of the authors of PCI DSS v4.0. "I’m delighted to work closely with the team to ensure we’re developing one of the most advanced solutions in the market."

Jscrambler's free compliance tool is available today.


The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Must read next

PCI DSS Web Security

Preventing Digital Skimming Attacks and Enabling PCI DSS Compliance

E-commerce skimming = the majority of attacks against payment card data. The newest version of PCI DSS contains requirements aimed at preventing digital skimming attacks.

June 21, 2022 | By John Elliott | 5 min read


Three things you need to know about PCI DSS v4.0

Here are the top three things to know about the latest version of PCI DSS - v.4.0

March 14, 2023 | By Jscrambler | 3 min read

Section Divider

Subscribe to Our Newsletter