The integration will help with new consumer browser requirements 6.4.3 and 11.6.1, which can be cumbersome for website owners to manage
HUMAN Client-side Defense Integrates with Amazon Web Services Marketplace & Web Application Firewall to Simplify Compliance with New PCI DSS 4 Requirements
NEW YORK, March 11, 2025 – HUMAN Security, Inc., a leading cybersecurity company committed to safeguarding every step of the customer’s online journey by defending against bots, fraud, and digital risk, today announced that it is integrating its Client-side Defense with the Amazon Web Services (AWS) Marketplace and Web Application Firewall (WAF). This will provide an easy way to comply with the Payment Card Industry Data Security Standard— known as PCI DSS 4—consumer browser requirements 6.4.3 and 11.6.1 that took effect in March 2025.
“HUMAN’s long-standing partnership with AWS emphasizes our commitment to deliver the next-gen suite of solutions that constitute a modern Client-side Defense,” said Elad Amit, SVP, Enterprise Product. “The integration between HUMAN Security Client-side Defense and AWS WAF allows quick authorization, justification, and reporting so that compliance teams can protect their customers’ card data under these new PCI DSS 4 requirements.”
Any merchant accepting payment cards to purchase goods and services must comply with PCI DSS 4. The two new PCI DSS 4 controls require entities to manage and monitor scripts and security-impacting HTTP headers deployed on their payment pages, pages that embed payment pages, or forms fully outsourced to third parties. With the new integration, customers can comply with these requirements from within AWS WAF while continuing to configure AWS WAF rules to allow, block, or monitor (count) web requests based on IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting.
HUMAN Client-side Defense makes it easy to comply with these requirements during the initial deployment and for the expected ongoing security activities. Integrating with AWS allows customers who purchase Client-side Defense to click within the WAF console to log into the HUMAN Defense Platform, simplifying the customer journey, protecting their payment pages, and enabling compliance with the new requirements.
Additional capabilities this integration offers include:
- Easy deployment by embedding a single line of JavaScript code into a website
- Auto-generated script inventory enables justification, authorization, and assured integrity of all payment page scripts and alerts on HTTP header modifications
- The detailed management console shows the current PCI DSS compliance status (6.4.3 & 11.6.1) and generates audit reports on demand
- Policy rules automate script authorization workflows and enable proactive precision mitigation of risky script behaviors, such as cardholder data access
HUMAN customers using Client-side Defense include major airlines, leading online travel planning and booking platforms, and e-commerce platforms. A CISO from Top 5 Global Airline said: “The solution pays for itself by reducing our risk from client-side data breaches and helping us avoid fines and the subsequent negative impact to our brand reputation.” A Senior Security Developer, Information Security Team, at Priceline said: “HUMAN is a fantastic solution for managing business critical scripts, and addressing the new PCI DSS 4 requirements (6.4.3 & 11.6.1) with ease. It not only adds another layer of defense to our overall security posture but helps my team prioritize and reduces the need for time-intensive manual investigations and record-keeping activities.”
