Page 37 - GS240202
P. 37

NewProducts




                         Broaden JavaScript protection


                            with PCI-compliant platform





                                                               cript to authorize, justify and ensure script integrity, Zi-
                                                               tomer stated, noting that a cloud back end and user inter-
                                                               face will track a firm's progress toward compliance and
                                                               provide  comprehensive  risk-scored  script  inventory  and
                                                               on-demand audit reports. He pointed out that the solution
                                                               will also alert users to unauthorized changes to scripts and
                   UMAN  Security  Inc.,  a  digital  fraud  platform   HTTP headers, and these and other risky script behaviors
                   focused on disrupting bot attacks, online fraud   can be blocked with a click or simple policy.
                   and abuse across the buyer's journey, created
        H PCI DSS 4.0 capabilities for HUMAN Client-           Comprehensive, always-on support
        side Defense, a solution designed to help companies
        meet new requirements for managing browser scripts on   Malicious bots can take over user accounts, payment pages,
        payments pages, which become mandatory on March 31,    inventory settings, pricing and content, Zitomer stated, af-
        2025.  Jeffrey Zitomer, chief information officer and chief   firming that PCI DSS 4.0 capabilities for HUMAN Client-
        technology officer, product, at HUMAN Security Inc., said,   side Defense can solve for these issues, while providing the
        "HUMAN uses a modern defense strategy to safeguard     following features and benefits:
        organizations from digital attacks, fraud, and account     • Compliance: Simplify payment page protection in
        abuse. Our solutions increase ROI and trust while decreas-   compliance with PCI DSS 4.0 browser script require-
        ing customer friction, data contamination and cybersecu-     ments.
        rity exposure."                                            • Automation:  Streamline compliance  by  automating
                                                                     script inventory, authorization and audit reports.
        Zitomer stated that modern websites deliver critical business
        functionality by sourcing code from across the internet,   • Zero trust:  Secure credit card information includ-
        some of which may bypass traditional security controls.      ing deep insight into script behavior and zero trust
        Criminals can exploit this attack surface to steal cardholder   browser security.
        data, he added, a risk that new PCI requirements address.   • Selective blocking: Break the value versus security
        This solution, combined with PCI DSS 4.0 compliance, can     tradeoff by allowing scripts to deliver business value
        further protect against these threats by enabling normal     while blocking only undesired actions.
        scripts while blocking undesired cardholder data access, he
        added.                                                     • Predictive prevention: Protect customers, websites,
                                                                     networks and enterprises from sophisticated bot at-
        PCI DSS 4.0 requirements                                     tacks and adapt quickly to defend from threats yet
                                                                     to come.
        Zitomer further noted that PCI DSS 4.0 requirements apply
        to all businesses. Even businesses that fully outsource   Channel partners welcome
        account data storage, payment processing, and transmission
        to third-party payment service providers must comply with   Zitomer emphasized that ISOs, agents and sales channel
        two new browser script requirements. He summarized     partners will find PCI DSS 4.0 capabilities for HUMAN
        those requirements as follows:                         Client-side Defense to be not only a timely resource for
                                                               helping clients meet the 2025 deadline for PCI DSS 4.0, but
           1. Requirement 6.4.3 for payment page scripts mandates   also an asset that is easy to sell, deploy and operate. "It's
           that a method is implemented to confirm each script is   easy to connect the dots between PCI DSS 4.0 requirements
           authorized; a method is implemented to assure each   and the product's UI," he said, noting that copying and
           script's integrity; and an inventory with written justifi-  pasting a single line of code is all that is needed to get the
           cation of all scripts is maintained.                system up and running, delivering continuous protection,
                                                               enhanced reporting and automated alerts.
           2. Requirement 11.6.1  for page script modifications
           mandates that a change and tamper-detection mecha-          Company: HUMAN Security Inc.
           nism is deployed to alert personnel to unauthorized
           modification to the HTTP headers and the contents of        Product: PCI DSS 4.0 capabilities for
           payment pages as received by the consumer browser.                       HUMAN Client-side Defense
        HUMAN Security simplifies payment page management              Website: https://humansecurity.com
        by enabling companies to deploy a single line of JavaS-        Contact: https://humansecurity.com/contact-us

                                                                                                                37
   32   33   34   35   36   37   38   39   40   41   42