Hello,
Does Visa publish an SRI hash for the Visa Checkout sdk.js JavaScript asset (1)? It would be helpful in order to achieve PCI DSS v4 compliance (requirement 6.4.3).
Alternatively, is it safe for me to host sdk.js locally on my own web servers (vs. loading the asset in the browser from visa.com)? If so, I could generate an SRI hash of the sdk.js file myself and be sure that it isn't changed without my knowledge.
(1) https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js
Thanks,
Chris
Hi @cgwl, Thank you for reaching out. An agent will get back to you as soon as possible. Until then, if any community member knows a solution, feel free to reply in this thread.
Hey @cgwl,
Visa does not currently publish an SRI (Subresource Integrity) hash for the Visa Checkout `sdk.js` JavaScript asset.
As an alternative, hosting the `sdk.js` file locally on your own web servers is not recommended. This is because hosting the file locally could lead to potential security and functionality issues, as you may miss critical updates or changes made by Visa that are essential for the secure and proper functioning of the SDK.
To ensure compliance with PCI DSS v4 requirement 6.4.3 and maintain the integrity and security of the Visa Checkout integration, it is advised to always load the `sdk.js` asset directly from Visa's servers. This ensures that you are using the most up-to-date and secure version of the SDK.
For further assistance or specific security concerns, you may contact Visa's support team through the developer portal at [Visa Developer Support](https://developer.visa.com/pages/support).
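
The thread leaves the script loaded from Visa's servers with no published SRI hash. One way to still notice when `sdk.js` changes is to compare each fetched copy against an inventory of approved SRI hashes. The sketch below is an added example, not part of the thread and not Visa's code. The file bytes, the inventory and the second URL are constructed, and fetching is left out so it runs offline.

```python
import base64
import hashlib

# Hash algorithms defined for SRI, ranked weakest to strongest.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}

SDK_URL = ("https://assets.secure.checkout.visa.com/checkout-widget/"
           "resources/js/integration/v1/sdk.js")

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return the SRI expression (alg-base64digest) for a script body."""
    digest = hashlib.new(alg, content).digest()
    return alg + "-" + base64.b64encode(digest).decode("ascii")

def verify(content: bytes, integrity: str) -> bool:
    """Check content against an integrity value that may list several hashes.

    Like a browser, only the strongest algorithm present is considered.
    Unlike a browser, an empty or unparseable value fails closed.
    """
    by_alg = {}
    for token in integrity.split():
        alg, sep, _ = token.partition("-")
        if sep and alg in STRENGTH:
            by_alg.setdefault(alg, set()).add(token.split("?", 1)[0])
    if not by_alg:
        return False
    strongest = max(by_alg, key=STRENGTH.get)
    return sri_hash(content, strongest) in by_alg[strongest]

def audit(observed: dict, inventory: dict) -> dict:
    """Map each observed script URL to 'ok', 'changed' or 'unauthorized'."""
    report = {}
    for url, body in observed.items():
        if url not in inventory:
            report[url] = "unauthorized"
        else:
            report[url] = "ok" if verify(body, inventory[url]) else "changed"
    return report

# Constructed sample data: stand-in bytes, not the real sdk.js.
APPROVED_BODY = b"/* constructed stand-in for the reviewed sdk.js */"
INVENTORY = {SDK_URL: sri_hash(APPROVED_BODY)}

if __name__ == "__main__":
    fetched = {SDK_URL: APPROVED_BODY + b"\n// vendor update",
               "https://cdn.example/extra.js": b"alert(1)"}
    for url, status in audit(fetched, INVENTORY).items():
        print(status, url)
```

A `changed` result is the cue to review the new version and, once approved, record its hash in the inventory.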