In March, the Payment Card Industry Security Standards Council published Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 to address emerging threats and market changes. PCI DSS v4.0 is set to go into full effect in March 2025, replacing PCI DSS Version 3.2.1. Learn how this will impact your business.
Like its predecessor, PCI DSS v4.0 is centered on 12 requirements that ensure safe transactions at your point of payment (POP) or point of sale (POS) pages. These core requirements did not fundamentally change with the latest release. Instead, v4.0 adds flexibility to implementation, strengthens security standards and necessitates a continuous process to ensure compliance.
There are several enhancements and amendments that might seem simple in theory, but will require significant resources in practice. One such addition is Section 6.4.3. This part of the DCI PSS tightens requirements for payment scripts, setting new regulations for script inventory, script integrity and script authorization — a difficult and significant undertaking, if done manually.
Take a walk on the client side
Section 6.4.3 of PCI DSS v4.0 establishes the following requirements for all payment page scripts that are loaded and executed in the consumer’s browser.
…
