The eCommerce PCI DSS landscape is evolving, with the latest FAQ from the PCI SSC clarifying which eCommerce merchants need to complete SAQ A (with Requirements 6.4.3 and 11.6.1 being part of their PCI Compliance validation). Unsurprisingly, it is specifically focused on those that use inline frames (iframes) for payments.
The PCI SSC also confirmed that these criteria can be met using techniques such as, but not limited to, those detailed in PCI DSS Requirements 6.4.3 and 11.6.1 to protect the merchant’s website from scripts targeting account data.

We have been watching the evolution with interest as we provide full support for the following PCI DSS Requirements "out of the box" with our ThreatView Advanced Edition:
6.4.3 - Script Monitoring. We provide this in real-time.
11.5.2 - File Integrity Monitoring - a foundational part of ThreatView. We track every change made to every file within the website.
11.6.1 - HTTP Header Monitoring
With our ThreatView Advanced Edition priced at just $59/month, it is accessible for most eCommerce businesses.
However, we have made a SIGNIFICANT addition to our solution to give eCommerce businesses of all sizes access to our threat detection and PCI DSS support, by introducing support for 6.4.3 and 11.6.1 into both our free Community Edition and our Secure Edition.
PCI DSS Support for 6.4.3 and 11.6.1 at No/Low Cost
As of this week, both our Community and Secure Editions provide PCI support for 6.4.3 and 11.6.1.
What does that mean?
Our Community (free) and Secure solution tiers provide:
Easy to use - 2 minute setup - NOTHING to install.
External security assessments - different from an ASV scan, we focus on the security of the eCommerce software (this is where, in our experience, most websites have vulnerabilities that get exploited by criminals).
We check the websites for the latest eCommerce malware - we have one of the most comprehensive threat datasets in the industry.
We record all scripts being loaded on a site, checked against our threat datasets - helping eCommerce sites to monitor their scripts (PCI 6.4.3) AND checking them for malicious content (security and compliance).
We check the HTTP Headers for malicious activity - 11.6.1.
Reports can be exported and downloaded.
Frequency of Checks:
Community (Free) Edition - fortnightly checks.
Secure Edition - daily checks, soon to include REAL-TIME script monitoring to enable merchants to be proactive and secure (and easily meet their 6.4.3 requirements for PCI DSS Compliance).
We focus on security, and PCI DSS Compliance is one of the important results of doing security well.
Free Trial of ThreatView Secure
We provide a 30-day free trial of ThreatView Secure - set up your Community account below, then contact our support team by opening a ticket within ThreatView and requesting the free trial upgrade to Secure.