Adobe Experience Platform

TylerKrause · 5/30/25

Hey all! With the new PCI requirements coming up, I was curious with what everyones plans were with their Data Collection integrations.

Are you switching over to Self Hosting as opposed to Adobe hosting? Separating out your payment screens to avoid the concerns with SPAs?

We're trying to determine which plan forward is the correct one - and I was curious what the Community was doing!

Michael_Soprano · 5/31/25

Could you explain what is PCI? It affects US market only?

TylerKrause · 5/31/25

It is the Payment Card Industry which is global.

The new enforcements as a part of PCI DSS 4.0 require integration of CSP (content security policy) which is supported cleanly by launch and also SRI (Subresource Integrity) which requires JS scripts that run to have an integrity attributed applied that matches back against a pregenerated hash.

This presents some significant challenges with a DTM like Data Collection (Launch) due to the nature of ad hoc scripts that run when users take specific actions. If you're using Adobe hosted launch, as of right now there is not a viable solution I'm aware of to be able to meet SRI Compliance - hence my reaching out to the community.

Adobe Experience Platform

How are you all preparing for the new PCI requirements which include CSP and SRI?

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe