November 9th, 2023 | By Jscrambler | 7 min read
The most recent iteration of the PCI SSC Community Meetings happened in Dublin, Ireland, at the end of October.
Participants are now transitioning from education to taking action to achieve PCI DSS v4.0 compliance, showing special concern for the requirements dealing with sensitive data. Jscrambler’s team was once again present at the event and gathered some takeaways that are relevant to share.
E-skimming attacks are advancing.
Jscrambler’s CTO and co-founder Pedro Fortuna, a member of the PCI Security Standards Council Board of Advisors, gave a presentation on “Securing Different Types of Payment Pages from E-commerce Skimming Attacks”.
New skimming attack patterns have been evolving to circumvent controls and compromise payment page data. Different attack methods are applied to different payment page builds: those where the payment form is embedded directly in the page and those where it is embedded using an iframe.
Jscrambler’s analysts have been busy working on identifying and mitigating these new techniques.
“eSkimming attacks are going beyond simple skimming of the payment form. The parent page or even other pages can be targeted - it’s urgent to take action.”
- Pedro Fortuna, CTO
PSPs are now in the mix.
Merchants, QSAs (Qualified Security Assessors), and PSPs (Payment Service Providers) are starting to prioritize compliance with PCI DSS v4.0.
These concerns are taking center stage, and professionals are more aware that they need to understand the technology that will have to be implemented to support compliance.
“PSPs outnumbered QSAs and Merchants in Dublin as opposed to more QSAs and Merchants in Portland. And we see that they’re also looking for a specific solution as well.”
- Carlos Rocha Gonçalves, VP of Growth & Partnerships
Let’s get practical with PCI.
As a Principal Participating Organization of the PCI Security Standards Council (PCI SSC), Jscrambler has been present at several events focused on PCI DSS.
Since the beginning of 2023, a significant shift in the landscape has been noticeable. In earlier gatherings, people were just getting acquainted with the latest iteration of PCI DSS and trying to grasp what version 4.0 had in store, as well as the steps required for compliance.
Fast forward to now, and the clock is ticking loudly. More substantial discussions are taking center stage. Companies are increasingly focused on this issue, and the pressing concern is carving out budget for the solutions they will need to employ.
“It was notable that many attendees came by our booth with a specific goal in mind - looking for solutions to comply with requirements 6.4.3 and 11.6.1.”
- Jeffrey Cleveland, Sales Engineer
Pull back the curtain with vendor Tech Talks.
There were eleven vendor Tech Talks at the event showcasing how to comply with the latest PCI DSS requirements, with four solution providers presenting solutions specifically for requirements 6.4.3 and 11.6.1.
Jscrambler’s Tech Talk focused on demonstrating full script visibility and business justification for requirement 6.4.3, and management, control, and alerting for requirement 11.6.1.
Pedro Fortuna added, “As we near the final year of preparation for PCI DSS v4.0, these events become key for decision-making and knowledge sharing.
We are eager to not only help companies develop the right strategies for meeting compliance demands but also to ensure their customers’ safety and privacy are consistently being protected.
We look forward to the upcoming PCI-focused events in 2024, where we will further guide attendees on the latest payment threats and best practices for payment security.”
Jscrambler can help you answer these two requirements.
Schedule time with a Jscrambler specialist to see a demo that will solve your business needs.
Jscrambler's PCI DSS v4.0 tool helps merchants achieve compliance with requirements 6.4.3 and 11.6.1 and helps QSAs validate this compliance.