Welcome, HUMAN Security, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, HUMAN Security's Senior Director of Product Management, Client-side Defense & Compliance, Jeff Zitomer, introduces us to his company and to how it is helping to shape the future of payment security.
Tell us about your company.
HUMAN is a cybersecurity company that disrupts digital fraud and abuse from login through transactions. Our Client-side Defense solution simplifies compliance with PCI DSS v4.0 requirements 6.4.3 and 11.6.1. We streamline payment page script management and mitigate script-based attacks, enabling browser script value while reducing the risk of cardholder data skimming.
Why did your company decide to become a Principal Participating Organization?
Protecting against malicious script behavior has long been central to HUMAN’s cybersecurity mission. When requirements 6.4.3 and 11.6.1 were announced as part of PCI DSS v4.0, we were excited to join the conversation with the PCI Security Standards Council (PCI SSC). As a Principal Participating Organization, we will continue to shine a light on the client-side attack surface, help entities painlessly address the new requirements, and secure online transaction surfaces.
Which benefits are you most looking forward to as a Principal Participating Organization?
As a Principal Participating Organization, we have been involved in conversations about payment data security with PCI SSC and are providing input to further clarify the new browser script requirements. Whether as part of the Roadmap Roundtable Group (RRG), the Technology Guidance Group (TGG), or at the global Community Meetings, we are excited to gather insights and share knowledge that will shape the future of PCI DSS. Discussing key security and compliance topics and developing best practices with our peers will help entities secure their websites and consumers' card data. In our unique position on the cutting edge of threat research, we can also share intelligence on evolving threats affecting the payment ecosystem.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
The PCI Security Standards Council is at the forefront of payment security initiatives. Getting involved as a Principal Participating Organization allows companies to play an active role in shaping the future of PCI DSS. The payments security landscape is complex, and every organization approaches it from a different perspective. By combining knowledge across Principal Participating Organizations, we can stay ahead of emerging threats and keep transactions secure for all consumers.
What are some payment security topics that you’re interested in collaborating on?
We are interested in collaborating with the PCI Security Standards Council to fully secure the client-side attack surface against malicious script-based attacks. Inventorying scripts, identifying vulnerabilities, and assuring script integrity are just the first steps to protect against cardholder data skimming. It is critical for organizations to proactively control scripts' data access and mitigate client-side threats. We hope to share our deep knowledge of and experience with this threat vector in order to strengthen organizations' payment security.