How are you all preparing for the new PCI requirements which include CSP and SRI?

Forum|Forum|8 months ago
May 30, 2025
1 reply
512 views

Hey all! With the new PCI requirements coming up, I was curious with what everyones plans were with their Data Collection integrations.

Are you switching over to Self Hosting as opposed to Adobe hosting? Separating out your payment screens to avoid the concerns with SPAs?

We're trying to determine which plan forward is the correct one - and I was curious what the Community was doing!

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Michael_Soprano

Level 10

Could you explain what is PCI? It affects US market only?

TylerKrause

Author

Adobe Champion

It is the Payment Card Industry which is global.

The new enforcements as a part of PCI DSS 4.0 require integration of CSP (content security policy) which is supported cleanly by launch and also SRI (Subresource Integrity) which requires JS scripts that run to have an integrity attributed applied that matches back against a pregenerated hash.

This presents some significant challenges with a DTM like Data Collection (Launch) due to the nature of ad hoc scripts that run when users take specific actions. If you're using Adobe hosted launch, as of right now there is not a viable solution I'm aware of to be able to meet SRI Compliance - hence my reaching out to the community.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded