Some of the major changes in PCI DSS v4.0 fall under requirements 6.4.3 and 11.6.1. These certify that any business that accepts payments online must inventory, authorize, and justify all payment page scripts, as well as deploy a change and tamper-detection mechanism.
Even merchants who fully outsource payment processing to third-party
payment service providers must implement these requirements.
Jeff Zitomer, Senior Director of Product Management at HUMAN, discusses how to easily comply with PCI DSS 4.0 requirements 6.4.3 and 11.6.1 using HUMAN Client-side Defense.