Preparing Qualified Security Assessors for PCI DSS V4

This guide outlines the new requirements in PCI DSS v4 that become mandatory on April 1, 2025, focusing on how qualified security assessors can prepare for compliance. It details the implications of the requirements, particularly 6.4.3 and 11.6.1, which aim to detect and prevent e-commerce skimming attacks. The document emphasizes the need for companies to gain visibility and control over third-party domains involved in payment processing, as these domains are often exploited in data breaches. Various methods to meet the new requirements are presented, including traditional approaches like Content Security Policy (CSP) and Subresource Integrity (SRI), as well as advanced solutions like Jscrambler’s Webpage Integrity PCI DSS Module. The guide stresses the importance of operationalization and maintaining evidence for compliance, highlighting how Jscrambler's solutions can assist online businesses in addressing these challenges effectively.