PCI DSS v4 & Third-Party Scripts: Checkout Page Risk

🟠 High | Source: The Hacker News

PCI DSS v4.0 now explicitly requires merchants to control and monitor third-party scripts running on payment pages, closing a long-standing blind spot where analytics, tag managers, and support widgets could exfiltrate card data without detection. A QSA assessment of the Reflectiz platform evaluated how well it addresses these new requirements. Any organisation taking card payments online needs to demonstrate they have visibility and control over client-side scripts or risk failing their next PCI audit. ...

18 June 2025 · ZX Cloud Security

US Telco Stored Credit Cards in Plaintext: Lessons

🟡 Medium | Source: The Register — Security

A retrospective account has emerged of a major US telecommunications carrier storing customer credit card data in plaintext during the early 2000s, a practice discovered by an employee on their very first day. This highlights how poor data handling hygiene was commonplace before PCI DSS mandated encryption standards, and serves as a reminder of the long-term reputational and regulatory risks of inadequate data protection. While historical, the story resonates today as organisations continue to misconfigure data storage in cloud environments. ...

18 June 2024 · ZX Cloud Security
