Cheat Sheet and Action Plan: The PCI Council’s SAQ-A Eligibility Update
by Source Defense
Implications to 6.4.3 and 11.6.1 and What It Means for PSPs, Merchants, and QSAs.
On January 30, 2025, the PCI Security Standards Council announced changes to eligibility requirements for any merchant trying to demonstrate compliance under a SAQ-A. Under the changes, SAQ-A merchants will no longer have ...
Finding the Right Partner for PCI DSS 4.0.1 Compliance: Requirements 6.4.3 and 11.6.1
by Source Defense
Ensuring compliance with PCI DSS 4.0, specifically requirements 6.4.3 and 11.6.1, is not just about meeting regulations—it’s about securing your customers’ trust and protecting your brand from emerging threats like Magecart and eSkimming. Achieving this requires more than just technology; it requires a trusted partner who can ...

Unveiling 2024’s Attack Trends: Insights from Source Defense Research
by Source Defense
In 2024, Magecart attacks reached new levels of sophistication, targeting thousands of e-commerce websites worldwide. At Source Defense Research, we tracked dozens of campaigns leveraging advanced techniques, from exploiting Google Tag Manager to innovative uses of WebSockets and payment form forgeries. These attacks highlight the adaptability of ...
Holiday Shopping Meets Cyber Threats: How Source Defense Detected the ESA Store Attack
by Source Defense
In a recent high-profile incident covered by Forbes, our Source Defense Research team identified a sophisticated Magecart attack targeting the European Space Agency’s online store. This case study demonstrates why leading organizations worldwide trust Source Defense to protect their client-side security. In the December 2024 incident, Forbes ...

Navigating the New PCI DSS 4.0 Requirements: Key Takeaways from Industry Experts
by Source Defense
With the introduction of PCI DSS 4.0, merchants are now grappling with new requirements that aim to enhance the security of cardholder data. At a QSA roundtable hosted by Source Defense, industry veterans gathered to dissect these changes and their implications for businesses of all sizes. Understanding ...
Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace
by Source Defense
A new report by Recorded Future’s Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce ...

CRITICAL ALERT: Sophisticated Google Domain Exploitation Chain Unleashed
by Source Defense
A sophisticated attack chain targeting e-commerce payment flows has been prematurely exposed in a concerning development, highlighting the delicate balance between responsible disclosure and public safety. Discovered initially by Source Defense’s research team and responsibly disclosed to Google on November 19, 2024 (Issue ID: 379818473), this critical ...
Developing A Rapid Action Plan for PCI eSkimming Compliance
by Source Defense
Payment card security faces new challenges as merchants and service providers prepare for the Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements on eSkimming prevention. With the March 2025 deadline approaching, organizations must act quickly to implement these new mandates. Here’s a look at Source ...
PCI DSS 4.0 Client-Side Security Requirements: Experts Address Urgent Compliance Deadline
With less than four months until the compliance deadline for new eSkimming security controls in PCI DSS, Source Defense, a pioneer in client-side security, hosted a critical roundtable discussion featuring leading Qualified Security Assessors (QSAs). The webinar brought together top industry experts to address requirements 6.4.3 and 11.6.1, which organizations ...
The Growing Threat of E-Skimming: Why March 2025’s PCI Deadline Matters
by Source Defense
The landscape of payment security is at a critical turning point. As we approach the March 31, 2025 PCI compliance deadline for implementing new e-skimming controls, organizations face mounting pressure to address what has become the predominant vector for payment fraud. This isn’t just another compliance checkbox ...