Jscrambler Launches JavaScript Scanner for PCI DSS 4.0 Compliance

Published: 23/11/2024   Category: security




The free tool aims to help organizations meet the requirements of the new version of the payment standard, which takes effect next March.



Jscrambler has released a free tool to help companies check the JavaScript code running on their e-commerce sites and bring them into compliance with the latest PCI DSS (Payment Card Industry Data Security Standards) version 4.0. The PCI Security Standards Council released PCI DSS v4.0 in March 2022 and began a two-year phaseout of the previous versions before beginning enforcement. By March 31, 2025, all retailers and e-commerce sites – anyone who handles payment cards online, really – will need to be in compliance with these requirements. Jscrambler's PCI DSS JavaScript Compliance Tool helps organizations assess whether the JavaScript on their e-commerce sites meets two v4.0 requirements: protection against (6.4.3) and detection (11.6.1) of skimming attacks on all scripts from a merchant or its third- and fourth-party contractors.
Section 6.4.3 requires that companies confirm that each script is authorized, ensure the integrity of the scripts, and maintain a complete inventory that explains why each script is necessary. Section 11.6.1 applies to merchants that include a third party's iframe payment form on their websites; it compels a periodic evaluation (usually every seven days) of the HTTP header and payment page that looks for any changes to the page and notifies the merchant about them.
The anti-skimming requirements are necessary because attackers are launching Web skimming campaigns by injecting malicious code into Magento, WooCommerce, Shopify, and WordPress sites. Magecart skimmers have been found on 2 million websites, including those of Ticketmaster and British Airways.
The Jscrambler tool searches for and collates all scripts on a merchant's site, performing script verification and authorization, and then logging the results, including compliance status. It visualizes each script, highlighting actions that are considered suspicious, analyzes scripts for function, and generates justifications for using each. Alerts are triggered if scripts are tampered with, the contents of the payment page are changed without authorization, or the HTTP header is altered. All of these functions reduce manual compliance efforts and assist in generating audit-ready reports, the company said.
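
As an added illustration of the checks that sections 6.4.3 and 11.6.1 call for (not Jscrambler's tool or its code), the sketch below audits a payment page's script tags against an inventory and diffs response headers against a stored baseline. The inventory format, function names, URLs, hash values and markup are assumptions constructed for the example.

```javascript
// Added example. All URLs, hashes, headers and markup below are constructed.
const inventory = {
  "https://shop.example/js/checkout.js": {
    integrity: "sha384-AAAA-constructed-placeholder",
    justification: "Renders and validates the checkout form",
  },
  "https://cdn.example/analytics.js": { integrity: "sha384-BBBB-constructed-placeholder", justification: "" },
};
const samplePage = `
<script src="https://shop.example/js/checkout.js" integrity="sha384-AAAA-constructed-placeholder"></script>
<script src="https://cdn.example/analytics.js"></script>
<script src="https://unknown.example/widget.js"></script>
<script>document.title = "inline";</script>`;

// Collect every <script> element with its src and integrity attributes.
function extractScripts(html) {
  const attr = (attrs, name) => {
    const m = attrs.match(new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`, "i"));
    return m ? m[1] : null;
  };
  return [...html.matchAll(/<script\b([^>]*)>[\s\S]*?<\/script>/gi)]
    .map(([, attrs]) => ({ src: attr(attrs, "src"), integrity: attr(attrs, "integrity") }));
}

// 6.4.3: each script must be inventoried, justified and integrity-pinned.
// This checks the declared SRI value; hashing the fetched bytes is a separate step.
function auditScripts(html, inv) {
  const findings = [];
  for (const s of extractScripts(html)) {
    const name = s.src || "(inline)";
    const entry = s.src && Object.hasOwn(inv, s.src) ? inv[s.src] : undefined;
    if (!entry) { findings.push({ script: name, issue: "unauthorized" }); continue; }
    if (!entry.justification) findings.push({ script: name, issue: "no-justification" });
    if (!s.integrity) findings.push({ script: name, issue: "integrity-missing" });
    else if (s.integrity !== entry.integrity) findings.push({ script: name, issue: "integrity-mismatch" });
  }
  return findings;
}

// 11.6.1: report headers added, removed or changed against a stored baseline.
function diffHeaders(baseline, current) {
  const norm = (h) => Object.fromEntries(Object.entries(h).map(([k, v]) => [k.toLowerCase(), v.trim()]));
  const a = norm(baseline), b = norm(current);
  return [...new Set([...Object.keys(a), ...Object.keys(b)])].sort()
    .filter((k) => a[k] !== b[k])
    .map((k) => ({ header: k, was: a[k] ?? null, now: b[k] ?? null }));
}
```

Run on a schedule, non-empty results from either function are what would feed the merchant notification the requirement describes.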
