Sold by: HUMAN Security
HUMAN Client-side Defense simplifies payment page script management in compliance with PCI DSS 4 requirements 6.4.3 and 11.6.1. Deploy a single line of JavaScript to automatically receive a comprehensive risk-scored script inventory, provide a simple method to authorize, justify, and assure the integrity of scripts, and generate on-demand audit reports. The solution monitors script behavior, alerts on unauthorized script changes and security-impacting HTTP headers, and enables investigations of risky script actions. Customers can simplify PCI DSS compliance tasks and safely benefit from browser scripts with complete visibility and control across their entire website.
With HUMAN, users can streamline payment page script and header management, secure their site beyond PCI DSS compliance, unleash their business, and reduce risk.
Sold by: HUMAN Security
Overview
As of March 31, 2025, any website that accepts card payments online must digest, implement, and operationalize two new PCI DSS 4 requirements to manage scripts and headers on their payment pages.
What are organizations expected to do that is new? To protect cardholder data from the risks introduced by scripts, requirement 6.4.3 mandates that our customers/prospects manage all payment page scripts as follows
A method is implemented to confirm that each script is authorized A method is implemented to assure the integrity of each script An inventory of all scripts is maintained with written justification
To further prevent skimming, requirement 11.6.1 states that a change and tamper-detection mechanism is deployed to alert personnel to unauthorized modifications to the security-impacting HTTP headers and the script contents of payment pages.
Note that requirements 6.4.3 and 11.6.1 also apply to merchants using third-party payment service providers to avoid collecting cardholder data themselves, including merchants who self-attest with SAQ D, SAQ A, and SAQ A-EP.
HUMAN PCI DSS Compliance provides:
Easy deployment by embedding a single line of JavaScript code into your website.
Auto-generated script inventory enables justification and authorization and ensures the integrity of all payment page scripts and alerts on HTTP header modifications.
Detailed management console shows current PCI DSS compliance status and generates audit reports on demand.
Policy rules automate script authorization workflows and enable proactive precision mitigation of risky script behaviors, such as cardholder data access.
Script analyzer provides deep insight into each script provenance and DOM, storage, and network actions to inform authorization decisions.
Inventory management of payment page scripts and security-impacting headers with justification, authorization, and integrity logs, complying with 6.4.3 and 11.6.1 of PCI DSS 4.
API and out-of-the-box integrations with common tools and apps (messaging, ticket management, SIEM) to adapt to your workflows.
Highlights
- Streamline Payment Page Script and Header Management With a single line of code, auto-discover, justify, authorize, and assure script and header integrity.
- Secure Your Site Beyond PCI DSS Compliance Gain complete visibility and control of script behavior, gain deep insight, and block risky script actions.
- Unleash Your Business, Reduce Your Risk Enable the value of scripts with automated policies that surgically block risky actions, protecting payment data in browsers.
Details
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for any usage exceeds the entitle amount or not covered in the contract. These charges will be applied on top of the contract price. If you choose not to renew or replace your contract before it ends, access to your entitlements will expire.
Dimension | Description | Cost/12 months |
|---|---|---|
Client-side Defense Core | Client Side Defense: Core
Up to 200,000 Payment Page Views per month | $26,400.00 |
Dimension | Cost/unit |
|---|---|
Client Side Defense: Core
Each 1K Payment Page Views monthly over 200k | $11.00 |
Vendor refund policy
No Refunds
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Self Service and White Glove Managed Service Available. Onboarding support provided for all new clients. Leverage the efficiency and adaptive design of HUMAN's collective protection. Collective Protection helps to reduce the intensity and rigor of manual tuning to ensure that identified threat markers and signals are worked back into R&D to protect your business before it happens to you. The solution scales well to support the fast-paced lean security teams of today. BotOrNot_Support@humansecurity.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
PCI Pal Professional Services
By PCI Pal
Professional Services provided by PCI Pal for the implementation of PCI Pal Services with Amazon Connect.
PCI Compliant / Hardened Amazon Linux 2
By Citadel
This product has charges associated with it for hardening and maintenance. This Citadel VM is secured using 300+ open source security controls and validated using Citadel Audit.
PCI Pal enables contact centers of any size, anywhere in the world, to offer a frictionless, PCI DSS compliant, payment experience to their customers. We secure and simplify the call center payment experience with a true omnichannel solution.
PCI Compliant / Hardened Ubuntu 18.04
By Citadel
This product has charges associated with it for hardening and maintenance. This Citadel VM is secured using 300+ open source security controls and validated using Citadel Audit.
Customer reviews
No customer reviews yet
Be the first to write a review for this product.