PCI DSS 4.0 Consumer Browser Compliance
Simulation
PCI DSS 4.0 Consumer Browser Requirements
The new future-dated PCI DSS 4.0 requirements go into full effect beginning March 2025. If you have an online payment page, it's time to get ready for these changes. HUMAN Security can make complying with the consumer browser protection requirements easy and painless.
These new PCI DSS requirements apply to merchants who accept online payments (even if they outsource payments) and to payment service providers. Modern websites source code at runtime from across the Internet to deliver critical business functionality. This ever-changing code bypasses traditional security controls and is often exploited to steal cardholder data.
Scripts on payment pages can steal cardholder data by reading payment forms, presenting alternative forms, or redirecting users to malicious payment pages.
For requirement 6.4.3, you must authorize, assure the integrity of, and inventory and justify all payment page scripts. For 11.6.1, you must monitor for unauthorized modification of HTTP headers and scripts.
Configuring Consumer Browser Protection
HUMAN uses our sensors to collect and correlate the information for all the scripts loaded to a customer browser.
• The first step is to insert a JavaScript snippet on the pages to be protected.
• Once loaded, the page will send relevant information to the HUMAN Sensor.
Insert JS Snippet on Template For All Relevant Pages
PCI DSS 4.0 Compliance Overview
The PCI DSS dashboard presents compliance status and open action items. After pasting HUMAN’s single line of code, script and header inventories are automatically detected, risk scored, and maintained in compliance with the new requirements.
Review inventory of payment pages in scope for compliance.
Organize scripts by payment page or vendor.
Understand compliance status at a glance.
Manage scripts and HTTP headers.
Payment Page Script & HTTP Header Authorization and Justification
HUMAN provides a simple method to authorize, justify, and assure the integrity of scripts, along with on-demand audit reports. The solution will alert on unauthorized changes to scripts and HTTP headers and will enable deep investigation of risky script behavior.
See details including page, vendor and risk level.
Authorize scripts and review their authorization history.
Vendor details are automatically populated.
Review script inventory and individual status.
Click for in-depth script analysis. (Example shows script actions).
Authorization History
HUMAN keeps an authorization history for scripts and HTTP headers, making it easy to quickly audit and assess with the full context of historical decisions.
Script details help to quickly understand its purpose.
Review why a script was previously authorized.
Review the authorization and change history for the script.
Script Management Made Easy
Surgically managing scripts is straightforward with HUMAN. Drag and drop functionality can be used to build blocking and allowing rules, choosing from multiple conditions. For example, stopping scripts from accessing credit card data, allowing scripts from a trusted vendor, and authorizing scripts for PCI
Mitigate high-risk actions without interrupting the script’s value.
Intuitively drag and drop options to build policy rules.
Choose from multiple conditions and actions.
Consumer Browser Script Inventory
As soon as you install the JavaScript snippet on your website, HUMAN will begin collecting an inventory of all scripts, making your job of keeping an inventory much easier. This list can be downloaded to a .CSV file for record keeping.
To add the inventory of your scripts to a report, click to download
Payment Page Script Authorization and Justification
All scripts running on your payment page must be authorized, and a justification for why you need each script to run must be provided. With the HUMAN PCI DSS 4.0 solution, you can view the authorization status of a script, or change the authorization status and provide the justification status of a script. You can monitor script activity in real time and understand potential compliance violations.
Some of the types of alerts provided by the HUMAN PCI DSS 4.0 solution
Status levels of scripts
Once discovered, scripts can be authorized and justification provided
Request a Demo
PCI DSS 4.0 is here. HUMAN makes complying with the consumer browser requirements quick, easy, and ongoing. To see how quickly you can inventory, authorize, justify and monitor your payment page scripts, request a full demo with HUMAN.