Akamai introduces new capabilities to simplify PCI DSS 4.0 compliance for organizations
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance payment card data security as well as facilitate the broad adoption of consistent data security measures globally.
The latest update of PCI DSS (version 4.0) was released in 2022. The standard becomes effective in March 2024, with full enforcement of requirements in March 2025. It includes several new security requirements and updated guidance to address current threats and technologies. Any organization processing, storing, or transmitting payment card information online must comply.
To comply with the new standard, organizations must now know what scripts are loading and executing on the payment pages of their website, what actions those scripts are taking, and when those scripts change.
The new PCI DSS 4.0 compliance capabilities include:
PCI DSS 4.0 dashboard (satisfies PCI DSS v4.0 requirements 6.4.3 and 11.6.1) — Gain compliance insights with one click. A comprehensive dashboard addresses each component of requirements 6.4.3 and 11.6.1 directly within the product. Security teams can ensure script authorization and behavioral integrity, protect against payment page tampering, and keep up to date with script inventory management, all from a single view that eases the auditing process.
Dedicated PCI alerts (satisfies PCI DSS v4.0 requirements 6.4.3 and 11.6.1) — Receive immediate and actionable alerts on PCI-related events for real-time mitigation. This includes notification of any data exfiltration, unauthorized scripts, tampering with protection for configured payment pages, and unauthorized HTTP header modifications. Alerts are summarized in the PCI DSS v4.0 dashboard and logged for auditing evidence.
Client-Side Protection & Compliance is a CDN-agnostic product with flexible deployment options. The solution is a part of Akamai’s industry-leading web application security portfolio and works well with Akamai App & API Protector.
Businesses can bundle these products to gain comprehensive protection against both server-side and client-side threats, as well as to meet additional PCI DSS v4.0 requirements.
“With the deadline for PCI DSS 4.0 compliance fast approaching, Akamai Client-Side Protection & Compliance helps simplify the complex compliance process, and grants businesses the peace of mind that end-user payment card data is protected,” said Rupesh Chokshi, SVP and GM of Akamai’s Application Security Group.
Businesses across all industries that accept payments online have to prepare to meet the upcoming PCI DSS 4.0 deadline. Forrester’s 2023 report highlighted client-side protection as a key technology that financial services and insurance organizations plan to adopt this year.
The report states, “The PCI Security Standards Council added requirements for client-side security — so it’s not surprising to see financial services firms rushing to adopt client-side code protections to comply with PCI DSS and protect against the likes of Magecart, formjacking, and cryptojacking attacks.”