
PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know

As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking to comply with the latest PCI DSS requirements. We previously discussed the changes introduced in PCI DSS 4.0. This post covers the clarifications introduced in version 4.0.1 regarding payment pages, forms, and script responsibility, specifically requirements 6.4.3 and 11.6.1. While version 4.0 marked a significant leap forward, including 64 new requirements spread across 3 phases, version 4.0.1 serves a different purpose: it offers essential clarifications to the previous version. Although no new requirements were added, these updates provide improved clarity and guidance for organizations aiming to achieve compliance.

Applicability: Clarification on the Scope of Client-Side Security Requirements

One area where version 4.0.1 shines is in its applicability notes. Like us at Imperva, PCI understands that most merchants nowadays use Payment Service Providers or Third-Party Service Providers (PSPs or TPSPs) instead of creating the payment form themselves. This is done either via a form loaded into an iframe embedded on the checkout page or via a redirect to a separate page owned and managed by a third party. Because of this, many merchants previously believed that embedding payment pages from a third party relieved them of the need to comply with these new requirements. However, PCI DSS 4.0.1 addresses this by moving applicability…
