The eSkimming Security Illusion in PCI DSS

Content Security Policy and Subresource Integrity are widely referenced in PCI DSS guidance, yet many security teams question whether they truly stop modern eSkimming attacks. This session examines why these controls are often ineffective against dynamic, behavior driven client side threats such as formjacking and credential harvesting. The discussion challenges the assumption that CSP and SRI alone provide adequate protection for third party JavaScript.

The webinar reviews recent eSkimming threat research and explains where these controls were originally meant to help and where they fall short in practice. It also explores gaps in the current PCI DSS approach and outlines what stronger client side security should look like. Attendees will gain practical insight into avoiding architectural weaknesses that can undermine WebSec and AppSec programs while improving real world protection against browser based attacks.