c/side Dashboard Automates PCI DSS Compliance for Third-Party Scripts

c/side has introduced its PCI compliance dashboard to ensure adherence to PCI DSS 4.0.1 requirements for monitoring and managing third-party website scripts.

The Payment Card Industry Data Security Standard (PCI DSS) provides guidelines for organizations to safeguard their payment infrastructure against data theft and fraud in debit card and credit card transactions. PCI DSS compliance is mandatory for all businesses that accept card payments and is enforced via penalties that can include monthly fines up to six figures and suspension of card acceptance capabilities.

PCI DSS 4.0.1 introduces two new mandates (6.4.3 and 11.6.1) for securely monitoring and managing browser-side third-party scripts. Organizations must implement these changes by March 31, 2025. c/side’s PCI compliance dashboard enables organizations to secure and monitor all third-party scripts across their websites, providing the comprehensive protection these standards demand.

“Businesses are struggling to adapt legacy security tools to meet the new PCI DSS requirements for processing, storing, and transmitting payment card data,” said Simon Wijckmans, founder and CEO, c/side. “The regulations have tightened and become more prescriptive—and specific cybersecurity capabilities are critical to ensure compliance and avoid an auditing disaster. c/side’s ability to track and verify third-party web script behavior maps to exactly what these new mandates are looking for, and our dashboard gives businesses the complete visibility and control they need.”

Here is how c/side addresses both the 6.4.3 and 11.6.1 requirements of PCI DSS 4.0.1:

  • PCI DSS requirement 6.4.3 mandates that organizations accepting digital payments must authorize every script running on payment pages. Organizations must also maintain an inventory of third-party scripts with written justification for their use, while ensuring script integrity. c/side’s dashboard maintains a complete script inventory across all website pages and captures each script’s payload in real time. This visibility instantly shows any code changes and potential threats. The system verifies script authorization and integrity, while automatically blocking and alerting on malicious changes—exceeding PCI DSS requirements.
  • PCI DSS requirement 11.6.1 focuses on monitoring script changes by requiring weekly evaluation and reporting of any unauthorized changes to HTTP headers or payment page scripts. This poses a unique challenge, since third-party JavaScript scripts (by default) serve different code versions for various functions. c/side solves this by capturing and analyzing every script request through its proxy technology. The dashboard’s AI-powered analysis highlights changes and explains code functionality, giving engineers clear insight into script behavior.

In case of an audit, organizations often face needless challenges in tracking third-party script activity and ensuring compliance across payment and non-payment pages. This lack of visibility increases the risk of non-compliance, fines, and audit delays. With c/side, these pain points are eliminated. The c/side dashboard automatically generates comprehensive weekly reports that document all script activity and enable granular controls to ensure scripts run only where approved. By automating these processes, c/side transforms a complex compliance requirement into a straightforward task, reducing risks, eliminating audit delays, and easing the burden of maintaining compliance.

To learn more about c/side’s new PCI DSS dashboard, visit the website here.


About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.