Latest news with #SimonWijckmans
Yahoo
07-02-2025
c/side Media Alert: What E-Commerce Businesses Must Know About Recent PCI DSS Updates
The new requirements add client-side security attestation for e-commerce merchants using third-party payment providers

SAN FRANCISCO, Feb. 06, 2025 (GLOBE NEWSWIRE) -- c/side, a cybersecurity company with tools for monitoring, optimizing, and securing vulnerable browser-side third-party scripts, today highlighted new self-attestation requirements introduced in recent PCI updates ahead of the March 31, 2025, compliance deadline.

The Payment Card Industry Security Standards Council (PCI SSC) introduced significant changes to Self-Assessment Questionnaire A (SAQ A) on January 30, 2025. While SAQ A has traditionally offered a simplified compliance path for low-risk merchants not storing cardholder data, the update adds a crucial requirement: merchants must now confirm their e-commerce systems are protected against client-side script attacks to maintain their SAQ A qualification status.

'E-commerce businesses must now self-attest that their site is secure against client-side web script attacks,' said Simon Wijckmans, CEO and founder, c/side. 'This change presents compliance challenges, especially for merchants relying on third-party payment providers, as many lack the expertise to assess client-side risks. Without the right protections, they may no longer qualify for SAQ A. The best way to ensure PCI DSS 4.0.1 compliance is to continuously monitor the client-side environment in real-time and stay ahead of evolving threats.'

What e-commerce merchants must know:

- Critical March 31 deadline: Merchants must verify (and attest to) their protection against client-side attacks to maintain SAQ A qualification under PCI DSS v4.0.1.
- Expanded merchant responsibility: While requirements 6.4.3 and 11.6.1 are no longer mandatory, merchants must now actively demonstrate client-side security measures.
- Hidden vulnerabilities in modern e-commerce: Third-party payment providers do not automatically protect against script manipulation, leaving payment data exposed to sophisticated attacks.
- Escalating risk environment: Client-side attacks have been rising fast and affecting merchants both large and small.

Additional resources:

- c/side blog with more detail: PCI SSC Updates SAQ A for PCI DSS 4.0.1 – What you need to know
- c/side press release on PCI compliance capabilities: c/side Launches PCI Compliance Dashboard for New PCI DSS 4.0.1 Requirements
- PCI Security Council blog: Important Updates Announced for Merchants Validating to Self-Assessment Questionnaire A

About c/side

c/side is a forward-thinking cybersecurity startup focused on browser-side detection and protection. Led by industry expert Simon Wijckmans, c/side is pioneering technologies to shield against sophisticated cyber threats, ensuring unparalleled security standards for users across the web.

Contact
Kyle Peterson
kyle@

Associated Press
29-01-2025
c/side Launches PCI Compliance Dashboard for New PCI DSS 4.0.1 Requirements
SAN FRANCISCO, Jan. 29, 2025 (GLOBE NEWSWIRE) -- c/side, a cybersecurity company specializing in browser-side third-party scripts, today announced the launch of its PCI compliance dashboard to show that PCI DSS 4.0.1 requirements are met for third-party website script monitoring and management.

The Payment Card Industry Data Security Standard (PCI DSS) provides guidelines for organizations to safeguard their payment infrastructure against data theft and fraud in debit card and credit card transactions. PCI DSS compliance is mandatory for all businesses that accept card payments, and is enforced via penalties that can include monthly fines up to six figures and suspension of card acceptance capabilities.

PCI DSS 4.0.1 introduces two new mandates (6.4.3 and 11.6.1) for securely monitoring and managing browser-side third-party scripts. Organizations must implement these changes by March 31, 2025. c/side's PCI compliance dashboard enables organizations to secure and monitor all third-party scripts across their websites, providing the comprehensive protection these standards demand.

'Businesses are struggling to adapt legacy security tools to meet the new PCI DSS requirements for processing, storing, and transmitting payment card data,' said Simon Wijckmans, founder and CEO, c/side. 'The regulations have tightened and become more prescriptive—and specific cybersecurity capabilities are critical to ensure compliance and avoid an auditing disaster. c/side's ability to track and verify third-party web script behavior maps to exactly what these new mandates are looking for, and our dashboard gives businesses the complete visibility and control they need.'

Here is how c/side addresses both the 6.4.3 and 11.6.1 requirements of PCI DSS 4.0.1:

PCI DSS requirement 6.4.3 mandates that organizations accepting digital payments must authorize every script running on payment pages. Organizations must also maintain an inventory of third-party scripts with written justification for their use, while ensuring script integrity. c/side's dashboard maintains a complete script inventory across all website pages and captures each script's payload in real time. This visibility instantly shows any code changes and potential threats. The system verifies script authorization and integrity, while automatically blocking and alerting on malicious changes—exceeding PCI DSS requirements.

PCI DSS requirement 11.6.1 focuses on monitoring script changes by requiring weekly evaluation and reporting of any unauthorized changes to HTTP headers or payment page scripts. This poses a unique challenge, since third-party JavaScript scripts (by default) serve different code versions for various functions. c/side solves this by capturing and analyzing every script request through its proxy technology. The dashboard's AI-powered analysis highlights changes and explains code functionality, giving engineers clear insight into script behavior.

In case of an audit, organizations often face needless challenges in tracking third-party script activity and ensuring compliance across payment and non-payment pages. This lack of visibility increases the risk of non-compliance, fines, and audit delays. With c/side, these pain points are eliminated. The c/side dashboard automatically generates comprehensive weekly reports that document all script activity and enable granular controls to ensure scripts run only where approved. By automating these processes, c/side transforms a complex compliance requirement into a straightforward task, reducing risks, eliminating audit delays, and easing the burden of maintaining compliance.

Learn more about c/side's new dashboard here.

c/side is a forward-thinking cybersecurity startup focused on browser-side detection and protection. Led by industry expert Simon Wijckmans, c/side is pioneering technologies to shield against sophisticated cyber threats, ensuring unparalleled security standards for users across the web.

Contact
Kyle Peterson