The specialized browser script security platform demonstrates effectiveness against attacks on payment pages, in line with the enhanced standards of the financial sector.
The cybersecurity company c/side, focused on protecting against client-side threats on websites, announced on May 28 the results of an independent technical evaluation conducted by the global firm VikingCloud. The report, focused on PCI DSS 4.0.1 requirements 6.4.3 and 11.6.1, concludes that c/side’s platform, when properly configured, can help organizations detect and mitigate client-side attack scenarios in online payment environments.
Starting in March 2025, all merchants and service providers are required to implement measures to inventory, monitor, and validate all scripts running in users’ browsers, especially on payment pages. In this context, c/side offers a proxy-based architecture and an agentless alternative that, according to VikingCloud, enables effective real-time responses to risks.
Real-time Inspection and Regulatory Compliance
The technical evaluation by VikingCloud included controlled testing of client-side threats, such as keyloggers and script manipulation. In its findings, it highlights that c/side’s architecture allows for real-time inspection and blocking of malicious scripts through its proxy deployment, without the need to alter the website’s code. Simultaneously, its agentless mode conducts periodic crawling-based analyses, supported by shared threat intelligence.
Both options provide monitoring, alerts, and reporting that comply with PCI DSS audit requirements, which represents a significant advantage for security and compliance teams. Additionally, the platform automatically generates weekly reports on changes in scripts and HTTP headers, simplifying communication with auditors.
Integration and Use in Real Environments
The flexible design of c/side allows it to be adopted by both large organizations and teams with limited technical resources. Its integration with compliance tools like AWS S3, Vanta, Drata, or Sprinto facilitates its incorporation into enterprise environments and external development projects.
Mike Kutlu, head of market operations at c/side, emphasized the importance of having specialized solutions: “Client-side attacks are not hypothetical threats. They are occurring daily, and companies need solutions that keep pace. VikingCloud’s evaluation provides a useful external perspective on how c/side contributes to this defense.”
Webinar for the Sector
As part of its outreach strategy, c/side and VikingCloud will hold an online seminar on June 24, where they will analyze common gaps in client-side security and the implications of PCI DSS 4.0.1 compliance.
Important Note on Compliance
Despite the positive assessment, VikingCloud clarifies that its analysis is a contracted technical review and does not equate to formal PCI DSS compliance certification or validation. Organizations remain responsible for conducting their own assessments with a Qualified Security Assessor (QSA) or other authorized entity.
With this evaluation, c/side reinforces its position as a go-to provider for protection against threats compromising the integrity of payment pages, in an environment where regulatory compliance and end-user security are priorities for the financial and e-commerce sectors.