Source Defense has officially joined the PCI Security Standards Council’s Board of Advisors for the 2025 to 2027 term.| Source Defense
by Source Defense Even with the PCI DSS 4.0 deadline now behind us, many organizations are still exposed to costly eSkimming threats and compliance gaps. Source Defense recently hosted a webinar to explore how compliance actually drives better business outcomes – as seen through the lens of the positive bottom line impacts of implementing PCI The post eSkimming Security – Driving Bottom Line Results through Fraud Reduction and Revenue Maximization appeared first on Source Defense.| Source Defense
by Source Defense Don’t Trust Your Online Revenue Channel to Sub-par Solutions for eSkimming Security (Beware the big box “me too” solutions) As PCI DSS 4.0.1 enforcement has driven demand for eSkimming security and compliance controls (also known as client-side protection), several big-box CDN and “swiss army knife” security vendors have rushed to capitalize – The post Revenue Risk Hidden in Fly by Night New eSkimming Tools appeared first on Source Defense.| Source Defense
by Source Defense The Source Defense Research team has uncovered another active eSkimming campaign which demonstrates the use of novel techniques, and an increasing adversarial focus on attacking websites with techniques that bypass eSkimming security controls which focus solely on protecting payment pages. This indicates an evolution on the part of our adversaries in terms The post New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS appeared first on Source Defense.| Source Defense
by Source Defense On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a frank, practical, and sometimes surprising conversation about merchant eligibility, the limits of iframe protection, and what compliance now looks like in an eSkimming-threatened The post What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls appeared first o...| Source Defense
by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed a significant data breach affecting 4.7 million members, stemming from a misconfiguration of Google Analytics on their web properties between April 2021 and The post Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Heal...| Source Defense
Source Defense Research Blog | April 23, 2025 A Familiar Threat Resurfaces in the UK Our Source Defense Research team has uncovered an active Magecart-style eSkimming attack targeting a major UK-based online homeware retailer among a list of others. This campaign employs the same technique we observed earlier this year on another UK site, and The post New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack appeared first on Source Defense.| Source Defense
by Source Defense A newly discovered payment card skimming campaign has emerged exhibiting a concerning level of sophistication and leveraging unique tactics that make detection highly challenging. The attack, identified by Source Defense researchers, employs an innovative technique that exploits Stripe’s deprecated API to verify card details before exfiltration – ensuring that only valid payment The post Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe AP...| Source Defense
The post [Recording] Last Minute Change to SAQ-A appeared first on Source Defense.| Source Defense
by Source Defense The PCI Council’s recent update to SAQ-A merchant requirements will spark questions and confusion across the eCommerce ecosystem. Under the changes, SAQ-A merchants will no longer have to specifically follow requirements 6.4.3 and 11.6.1 – but in order TO BE SAQ-A eligible, they must still have eSkimming security solutions in place. A The post Next Steps from the PCI Council’s SAQ-A Update: Critical Responsibilities and Opportunities for PSPs appeared first on Source D...| Source Defense
by Source Defense The PCI Security Standards Council’s recent update to SAQ-A merchant eligibility and compliance requirements introduces significant changes with just weeks to go before the March 31st deadline for 6.4.3 and 11.6.1…shocker. The TL:DR? Under the changes, SAQ-A merchants will no longer have to specifically follow requirements 6.4.3 and 11.6.1 – but they The post Assessing the New SAQ-A Changes: Insights for QSAs appeared first on Source Defense.| Source Defense
by Source Defense Implications to 6.4.3 and 11.6.1 and What It Means for PSPs, Merchants, and QSAs. On January 30, 2025 the PCI Security Standards Council announced changes to eligibility requirements for any merchant trying to demonstrate compliance under a SAQ-A. Under the changes, SAQ-A merchants will no longer have to specifically follow requirements 6.4.3 The post Cheat Sheet and Action Plan: The PCI Council’s SAQ-A Eligibility Update appeared first on Source Defense.| Source Defense
by Source Defense Ensuring compliance with PCI DSS 4.0, specifically requirements 6.4.3 and 11.6.1, is not just about meeting regulations—it’s about securing your customers’ trust and protecting your brand from emerging threats like Magecart and eSkimming. Achieving this requires more than just technology; it requires a trusted partner who can navigate the complexities of compliance. The post Finding the Right Partner for PCI DSS 4.0.1 Compliance: Requirements 6.4.3 and 11.6.1 appeared ...| Source Defense
by Source Defense In 2024, Magecart attacks reached new levels of sophistication, targeting thousands of e-commerce websites worldwide. At Source Defense Research, we tracked dozens of campaigns leveraging advanced techniques, from exploiting Google Tag Manager to innovative uses of WebSockets and payment form forgeries. These attacks highlight the adaptability of attackers in the face of The post Unveiling 2024’s Attack Trends: Insights from Source Defense Research appeared first on Source...| Source Defense
The post [Recording] The Rise & Risk of Third-Party Scripts in Modern Websites appeared first on Source Defense.| Source Defense
In the rapidly evolving world of e-commerce, security remains a top priority. As part of our ongoing commitment to safeguarding our clients, we are bringing an important update to your attention regarding Adobe Commerce (Magento). This update underscores the urgent need to take immediate action when it comes to protecting your customers’ data. It is the second time in as many weeks that a widespread client-side attack has been disclosed - providing support for the decision by the PCI Counci...| Source Defense
The Kritec skimmer operates by intercepting the checkout process during online purchases. After a customer enters their payment details, the skimmer simulates a fake payment dialog, giving the impression that the payment has been processed. It then displays a fake error message, redirecting the victim to the actual payment page. During this process, the skimmer steals the customer's payment card details. The post Magecart/eSkimming Attack Using Kritec Skimmer Creates the Perfectly Hijacked Ch...| Source Defense
A new report by Recorded Future's Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.| Source Defense
A new report by Recorded Future's Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.| Source Defense
A new report by Recorded Future's Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.| Source Defense
by Source Defense The landscape of payment security is at a critical turning point. As we approach the March 31, 2025 PCI compliance deadline for implementing new e-skimming controls, organizations face mounting pressure to address what has become the predominant vector for payment fraud. This isn’t just another compliance checkbox – it represents a fundamental| Source Defense
Webinar Replay: eSkimming Security and PCI Compliance Watch the webinar, then CLICK HERE to visit our PCI DSS 4.0 Resource Center Download the CoalFire whitepaper below [Whitepaper] CoalFire Provides Guidance on PCI DSS 6.4.3 and 11.6.1 Guidance from CoalFire on the eSkimming Security requirements found in PCI DSS 4.0. The most talked about and concerning new| Source Defense
The increase in eSkimming attacks targeting customer data leave no room for neglecting security precautions during website redesign projects. Securing your customers’ data at the point of entry (as it is being entered into the forms on your site) should be considered foundational when planning and executing any website redesign.| Source Defense
Beware of digital skimming attacks! According to Visa's Spring 2023 Biannual Threats Report, digital skimming attacks targeting customer data on eCommerce checkout pages increased by 174% in the last half of 2022.| Source Defense