Managing Payment Page Scripts: Understanding PCI DSS Requirement 6.4.3

JavaScript skimming attacks, such as Magecart, continue to plague e-commerce businesses, targeting payment pages to steal sensitive customer data. To address this growing threat, PCI DSS v4.0 introduced Requirement 6.4.3, which focuses on managing and securing payment page scripts executed in the consumer’s browser. This requirement is also reflected in the updated SAQ A and A-EP,…

Preparing for PCI DSS 4.0.1: Strengthening Cardholder Data Protection in Transmission

As the March 31, 2025, deadline for PCI DSS 4.0.1 compliance approaches, businesses handling payment card data must align their security practices with the new requirements. This is part 3 of the Understanding the New PCI DSS v4.x Compliance Requirements series; if you missed the post about Requirement 3, you can read it here. Requirement…

How to Determine the Scope for a PCI Assignment: A Comprehensive Guide

Navigating the complexities of PCI (Payment Card Industry) compliance can be daunting, especially when it comes to determining the right scope for your PCI assignment. Whether you’re a seasoned professional or just starting out, understanding the scope of your PCI assignment is critical to protecting cardholder data and achieving compliance. Did you know that improper…

The Shimmering Threat: Safeguarding Your Business from Modern Credit Card Fraud

The landscape of credit card fraud is constantly evolving, with criminals devising increasingly sophisticated methods to steal customer financial information. For merchants, these evolving threats pose a significant challenge, demanding a proactive approach to data security. Two particularly concerning methods are credit card skimming and shimmering, both capable of compromising sensitive information and eroding customer…

PCI Council revokes company’s QSA status

Merchants that use Scottsdale, Ariz.-based security services provider Chief Security Officers (CSO) to validate their adherence to the Payment Card Industry Data Security Standard (PCI DSS) will have to find a new assessor. The PCI Security Standards Council, the group responsible for managing payment security, last week revoked CSO’s status as a Qualified Security Assessor…

Pay-at-the-Pump Scams Targeted

As pay-at-the-pump skimming scams grow in the United States and Europe, police in Camarillo, California, have taken the unique step of enlisting help from civilians to fight skimming crimes. Known as the citizen patrol unit, the group of 30 civilian volunteers has been tasked with monitoring pay-at-the-pump terminals throughout Camarillo, looking for signs of…