PCI DSS 4.0
How c/side makes you PCI DSS 4.0 compliant
PCI DSS 4.0 is now here! Though many aspects only take effect from the 31st of March, 2025.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines that ensures the safety of card transactions globally. Created by the PCI Security Standards Council, its goal is to protect against data theft and fraud in debit and credit card transactions.
PCI DSS 4.0 is now here! Though many aspects only take effect from the 31st of March, 2025.
PCI DSS 4.0 applies to all entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD), or could impact the security of the cardholder data environment (CDE). This includes all payment card account processing entities such as merchants, processors, acquirers, issuers, and other service providers.
So likely, you too.
A massive new addition is the need to monitor (and even better, secure) 3rd party scripts. Since c/side is built to do just that, we're the ideal partner to make you compliant.
And good news! Our free tier makes you compliant by default :)
You now need to monitor 3rd party scripts
PCI DSS 4.0 (specifically requirement 6.4.3) mandates any website that takes digital payments, to authorize each script on payment pages, maintain an inventory of all scripts, and ensure their integrity. Requirement 11.6 emphasizes the need to detect and respond to unauthorized modifications on payment pages, including changes to HTTP headers and page contents. Organizations must check these configurations at least once every seven days or as determined by their risk analysis assessment.
The PCI DSS 4.0 update requires organizations to maintain an inventory of all system components relevant to PCI DSS, including bespoke and custom software but also 3rd party scripts.
Moreover, PCI DSS 4.0 also encourages a shift from annual audits to continuous security monitoring, involving regular reviews and updates of system components and software.
So in short, you need a way to to confirm that each script is authorized, a method to assure the integrity of each script, and an up-to-date inventory of all scripts including written justification as to why each is necessary. They also encourage to implement a solution that allows for continous monitoring of system component and software.
And that brings us to…
How c/side makes you PCI DSS 4.0 compliant
We let you monitor, manage, and block 3rd party scripts autonomously. Not only does c/side put all your installed external scripts in a proxy, we also give you the full transparent view of all of them, which by March 31st 2025 will be required by PCI DSS 4.0.
C/side also allows you to block scripts in a managed dashboard, you are notified when a script is updated, and you can see what changed.
While currently not required, we are even able to automatically respond to potential breaches or issues and block scripts automatically to provide full safety to someone visiting your site.
All of this is done by our free tier, which makes you automatically safer and PCI DSS 4.0 compliant.
If you were to require extra safety measures and features, like more advanced blocking measures or log exports to name a few, our paid tiers offer that upgrade path.
The alternatives
Legacy code monitoring tools can assist with meeting PCI DSS v4.0 rules, but most aren't powerful enough to spot and stop all JavaScript attacks. So while you would perhaps be compliant, you wouldn't be safe. That's a situation you don't want to find yourself in, as you can read here.
That's why we believe our solution is currently the most powerful in the market to prohibit bad actors from taking advantage of your users, putting both them and you at risk.
The other PCI DSS 4.0 changes
This article only covered the changes where c/side can help. PCI DSS 4.0 also brings other requirements that are currently not in the scope of our company. To find those and how to be compliant for everything, read our Full Guide to PCI DSS 4.0 Compliance.
