The Expert Guide to Defeating eSkimmers (ep. 8) episode artwork

EPISODE · May 26, 2026 · 29 MIN

The Expert Guide to Defeating eSkimmers (ep. 8)

from Practical Cybersecurity with Jen Stone · host SecurityMetrics

We can't keep turning a blind eye to e-commerce skimming. It's a real threat that demands real attention—regardless of how compliance checklists evolve. Eighteen months ago, our panel met to break down the rollout of PCI DSS requirements 6.4.3 and 11.6.1. Now, one year after PCI v4.0, we're looking at the data-backed reality of how these requirements are actually playing out in the field.With the recent industry transitions to PCI DSS v4.0.1, clarifications surrounding the boundaries between parent web pages and third-party iframes have created a dangerous side effect: "Checkbox Blindness." Many organizations are misinterpreting these adjustments to mean that script monitoring is effectively optional if a payment iframe is in place. But treating client-side security as a text-only compliance loophole ignores a harsh forensic reality—attackers don't care about scoping boundaries.In this follow-up episode, host Jen Stone sits down with a full house of SecurityMetrics experts—Gary Glover (VP of Assessment), Chad Horton (VP of Technology), and Aaron Willis (VP of Forensic Investigation)—to cut through the regulatory noise. Backed by data from over six years of payment page monitoring, they translate the latest auditor fine print into practical guidance on why your parent page remains a prime target, and how to protect it without drowning your team in alert fatigue.Key Takeaways From This Episode:The v4.0.1 Scoping Misconception: Why thinking an embedded iframe completely offloads your client-side security obligations is a critical business risk.Bypassing the Safe: How attackers manipulate the parent page environment to intercept credit card data before it ever reaches a secure iframe or redirect link.The Reality of "Checkbox Compliance": Why tracking down fourth- and fifth-party scripts matters to your baseline security, even if your SAQ criteria makes it look elective.Inside a "Zero-Malware" Exploit: A forensic breakdown of how threat actors turn legitimate, approved analytics scripts against online checkout flows.Managing the Responsibility Matrix: How to handle iframe providers who are quietly altering their security liability terms in their public documentation.Resources & Links Mentioned:Stop Checkbox Blindness: Automate your script inventory with SecurityMetrics Shopping Cart Monitor Get a Forensic MRI of Your Checkout: Schedule a deep-dive review with SecurityMetrics Shopping Cart Inspect Read the Research: Download the QSA White Paper on E-Commerce Skimmer Attacks Connect With Our Team:SecurityMetrics Website: securitymetrics.comFollow Us on LinkedIn: linkedin.com/company/securitymetricsA note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

We can't keep turning a blind eye to e-commerce skimming. It's a real threat that demands real attention—regardless of how compliance checklists evolve. Eighteen months ago, our panel met to break down the rollout of PCI DSS requirements 6.4.3 and 11.6.1. Now, one year after PCI v4.0, we're looking at the data-backed reality of how these requirements are actually playing out in the field. With the recent industry transitions to PCI DSS v4.0.1, clarifications surrounding the boundaries between...

NOW PLAYING

The Expert Guide to Defeating eSkimmers (ep. 8)

0:00 29:35

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting!

Frequently Asked Questions

How long is this episode of Practical Cybersecurity with Jen Stone?

This episode is 29 minutes long.

When was this Practical Cybersecurity with Jen Stone episode published?

This episode was published on May 26, 2026.

What is this episode about?

We can't keep turning a blind eye to e-commerce skimming. It's a real threat that demands real attention—regardless of how compliance checklists evolve. Eighteen months ago, our panel met to break down the rollout of PCI DSS requirements 6.4.3 and...

Can I download this Practical Cybersecurity with Jen Stone episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!