John Elliot

Security Advisor, Jscrambler

John Elliott is a specialist in regulated security and data protection, and is a security advisor at Jscrambler. He represented both Mastercard and Visa Europe on the PCI Security Standards Council and contributed to many of the PCI standards including most recently PCI DSS v4. John has led the information security and data protection functions in aviation and financial services.

John Elliot's Events

JavaScript Integrity: The New Attack Surface

Date: Wednesday, 19 October

Track One (Tech Demos)

Tech Demos

Presented by: John Elliot, Security Advisor, Jscrambler

Our presentation demonstrates how malicious JavaScript can skim cardholder data from payment form fields. We will show how Jscrambler's Webpage Integrity protects the payment page, and therefore the consumer, by: Creating a dynamic inventory of all scripts; Monitoring, in real-time, the integrity of each script on the page, guaranteeing that all of them are performing as intended and have not been tampered with; Preventing the execution of the malicious script and defeating the attack; Alerting the website owner in and identifying the source of the malicious script. Jscrambler's Webpage Integrity meets the new requirements 6.4.3 and 11.6.1 in PCI DSS v4, which were designed to ensure the integrity of payment page scripts and to detect tampered scripts in the consumer's browser.