PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023
Brittany Hainzinger |
Jscrambler has launched its free compliance tool, which is a JavaScript scanner for PCI DSS 4.0 compliance. The tool enables developers to ensure compliance with requirements 6.4.3 and 11.6.1 of PCI DSS v4.0 and obtain the anti-skimming requirements ahead of the mandatory requirement in April 2025.
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and simple compliance coupled with proactive security measures to prevent web skimming and Magecart attacks.
Jscrambler launches free JavaScript scanner tool for PCI DSS 4.0 compliance
Jscrambler is a PCI Security Standards Council Principal Participating Organization, and Pedro Fortuna, Jscrambler's CTO, and co-founder was recently elected a member of the PCI SSC Board of Advisors attesting the relevance of Jscrambler's 13+ years' work on client-side security and its importance to the payment industry.
Jscrambler's team of JavaScript experts has worked to create a solution that will directly ensure compliance with requirements 6.4.3 and 11.6.1 of PCI DSS v4.0. With the new PCI DSS v4.0 requirements already in the public domain, organizations need to prioritize this transition while simultaneously adopting proactive measures to protect their customer's payment card information. Although the new requirements in PCI DSS are not mandatory until April 2025, they are indicated as "best practices" until this date. Combining the trifecta of technology, people, and processes, Jscrambler's solution provides teams with the flexibility and agility they require to meet these deadlines without compromising other priorities.
To meet the new anti-skimming requirements of PCI DSS v4.0, which includes ensuring script integrity, maintaining an up-to-date inventory of payment/parent pages' scripts, and alerts for any tampering attempts, Jscrambler's new tool offers advanced visibility to easily monitor and authorize vendors and scripts, while providing effortless and detailed reporting logs to demonstrate compliance to PCI Security Assessors (ISAs and QSAs) and internal compliance teams.
Web skimming attacks continue to plague organizations that have an e-commerce store, with attackers launching campaigns to hit as many targets as possible by injecting malicious code into websites via third-party providers. Jscrambler's research has shown that in recent months the modus operandi for three of the most prolific cybercriminal groups has evolved as they seek more innovative ways to compromise targets. As a result, and if successful, these attacks can go undetected for months, potentially resulting in reputation damage and heavy fines.
Working with Jscrambler, organizations get peace of mind as security teams can configure and manage multiple websites and payment pages in one place, further streamlining compliance visibility and reporting. To stay one step ahead, and ensure that organizations maintain a secure environment, teams can react promptly due to immediate alerts on any modifications to HTTP headers, integrity breaches, or adding of new vendors.
Pedro Fortuna, Co-founder and CTO at Jscrambler, comments: "With all organizations across the globe that take online payments needing to be fully compliant with the new PCI DSS v4.0 requirements by early 2025, it is imperative that they take action now to identify where any gaps in their security defenses are and take proactive steps to mitigate them. This is no small undertaking for any organization, however, with the release of this tool, backed up by the first-hand expertise of our team in JavaScript, and our experience in dealing with application security challenges in the payment industry, we are empowering organizations to make informed decisions and giving them unparalleled control over data protection."
"Jscrambler is a trusted partner for businesses working to secure payment card data and to achieve PCI DSS compliance. Jscrambler's resources allow organizations of all sizes to ensure client-side security is constantly safeguarded, effectively protecting organizations and their customers. I'm delighted to work closely with the team to ensure we're developing one of the most advanced solutions in the market," says John Elliott, Jscrambler Advisor and one of the authors of PCI DSS v4.0.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here