The Green Sheet Online Edition

February 2, 2024 • 24:02:02

Broaden JavaScript protection with PCI-compliant platform

HUMAN Security Inc., a digital fraud platform focused on disrupting bot attacks, online fraud and abuse across the buyer's journey, created PCI DSS 4.0 capabilities for HUMAN Client-side Defense, a solution designed to help companies meet new requirements for managing browser scripts on payment pages. Those requirements become mandatory on March 31, 2025. Jeffrey Zitomer, senior director, product management, HUMAN Security Inc., said, "HUMAN uses a modern defense strategy to safeguard organizations from digital attacks, fraud, and account abuse. Our solutions increase ROI and trust while decreasing customer friction, data contamination and cybersecurity exposure."

Zitomer stated that modern websites deliver critical business functionality by sourcing code from across the internet, some of which may bypass traditional security controls. Criminals can exploit this attack surface to steal cardholder data, he added, a risk that new PCI requirements address. This solution, combined with PCI DSS 4.0 compliance, can further protect against these threats by enabling normal scripts while blocking undesired cardholder data access, he said.

PCI DSS 4.0 requirements

Zitomer further noted that PCI DSS 4.0 requirements apply to all businesses. Even businesses that fully outsource account data storage, payment processing, and transmission to third-party payment service providers must comply with two new browser script requirements. He summarized those requirements as follows:

  1. Requirement 6.4.3 for payment page scripts mandates that a method is implemented to confirm each script is authorized; a method is implemented to assure each script's integrity; and an inventory with written justification of all scripts is maintained.
  2. Requirement 11.6.1 for page script modifications mandates that a change and tamper-detection mechanism is deployed to alert personnel to unauthorized modification to the HTTP headers and the contents of payment pages as received by the consumer browser.

HUMAN Security simplifies payment page management by enabling companies to deploy a single line of JavaScript to authorize, justify and ensure script integrity, Zitomer stated, noting that a cloud back end and user interface will track a firm's progress toward compliance and provide comprehensive risk-scored script inventory and on-demand audit reports. He pointed out that the solution will also alert users to unauthorized changes to scripts and HTTP headers, and these and other risky script behaviors can be blocked with a click or simple policy.

Comprehensive, always-on support

Malicious bots can take over user accounts, payment pages, inventory settings, pricing and content, Zitomer stated, affirming that PCI DSS 4.0 capabilities for HUMAN Client-side Defense can solve for these issues, while providing the following features and benefits:

Channel partners welcome

Zitomer emphasized that ISOs, agents and sales channel partners will find PCI DSS 4.0 capabilities for HUMAN Client-side Defense to be not only a timely resource for helping clients meet the 2025 deadline for PCI DSS 4.0, but also an asset that is easy to sell, deploy and operate. "It's easy to connect the dots between PCI DSS 4.0 requirements and the product's UI," he said, noting that copying and pasting a single line of code is all that is needed to get the system up and running, delivering continuous protection, enhanced reporting and automated alerts.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
