Description

We can't keep turning a blind eye to e-commerce skimming. It's a real threat that demands real attention—regardless of how compliance checklists evolve. Eighteen months ago, our panel met to break down the rollout of PCI DSS requirements 6.4.3 and 11.6.1. Now, one year after PCI v4.0, we're looking at the data-backed reality of how these requirements are actually playing out in the field.

With the recent industry transitions to PCI DSS v4.0.1, clarifications surrounding the boundaries between parent web pages and third-party iframes have created a dangerous side effect: "Checkbox Blindness." Many organizations are misinterpreting these adjustments to mean that script monitoring is effectively optional if a payment iframe is in place. But treating client-side security as a text-only compliance loophole ignores a harsh forensic reality—attackers don't care about scoping boundaries.

In this follow-up episode, host Jen Stone sits down with a full house of SecurityMetrics experts—Gary Glover (VP of Assessment), Chad Horton (VP of Technology), and Aaron Willis (VP of Forensic Investigation)—to cut through the regulatory noise. Backed by data from over six years of payment page monitoring, they translate the latest auditor fine print into practical guidance on why your parent page remains a prime target, and how to protect it without drowning your team in alert fatigue.


Connect With Our Team:

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

But if you just want to learn how to protect yourself for free, start here: https://academy.securitymetrics.com/