Here’s what merchants need to know about PCI DSS v4.0
Imagine your house has a safe where you store your most valuable possessions. Now, picture leaving one door to your house open. Even though the safe is locked, your valuables remain at risk because that open door compromises your home's overall security. This illustrates the importance of securing not just your payment form (the safe) but also the entire parent page that hosts it.
This is where e-skimming attacks come into play. Even if your card capture form is secure, a vulnerability on your website can allow attackers to intercept sensitive data before it reaches your secure payment form.
The Evolution of Payment Security: From Securing the Room to Securing the Entire House
In the past, merchants relied on iframes to collect card data, which isolated the secure payment form from the rest of the website. As long as the payment form (or "the room with the safe") was secure, vulnerabilities elsewhere on the site were less of a concern. But with the rise of sophisticated attacks like e-skimming — where malicious code is injected into the website, not the payment form — this approach is no longer sufficient.
To combat these modern threats, the Payment Card Industry (PCI) Security Standards Council introduced PCI DSS v4.0, which enforces stricter security measures for the entire website (more specifically the “parent page” hosting the card capture widget), not just the card capture widget. With these new standards, protecting your entire site is mandatory to prevent attacks like e-skimming and ensure secure payment processing.
What is PCI DSS v4.0?
PCI DSS v4.0 is designed to enhance the security of cardholder data by adopting a comprehensive approach to security measures and access controls. Merchants must now secure every part of the payment flow, ensuring that not only the payment form but also the web environment hosting it is protected. The deadline for full compliance with PCI DSS v4.0 is March 2025, when the future-dated requirements become mandatory.
The Future-Dated Requirements:
PCI DSS v4.0 marks a shift from securing just the “safe” (payment form) to securing the entire house (your website). With new threats like e-skimming, every entry point must be fortified. The standard emphasizes a holistic approach—because if one window or door is left unsecured, everything is at risk.
The clock is ticking. March 2025 is closer than you think. Now’s the time to lock every door, window, and digital lock.
Coming Soon: Stay tuned for our next blog, where we'll explore merchant vs. Peach Payments’ responsibilities under PCI DSS v4.0 compliance.
To learn more about how we protect merchants today, check out our Security at Scale page.