Visa Checkout sdk.js sub-resource integrity hash for PCI DSS v4 6.4.3

cgwl
Newbie
Wednesday
Wednesday

Visa Checkout sdk.js sub-resource integrity hash for PCI DSS v4 6.4.3

Hello,

 

Does Visa publish an SRI hash for the Visa Checkout sdk.js Javascript asset (1)? It would be helpful in order to achieve PCI DSS v4 compliance (requirement 6.4.3).

 

Alternatively, is it safe for me to host sdk.js locally on my own web servers (vs. loading the asset in the browser from visa.com)? If so, I could generate an SRI hash of the sdk.js file myself and be sure that it isn't changed without my knowledge.

 

(1) https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js

 

Thanks,

Chris

0 Kudos
1
53
Reply
1 REPLY 1
SyedSa
Community Moderator
Community Moderator
yesterday
yesterday

Re: Visa Checkout sdk.js sub-resource integrity hash for PCI DSS v4 6.4.3

Hi @cgwl, Thank you for reaching out. An agent will get back to you as soon as possible. Until then, if any community member knows a solution, feel free to reply in this thread.

0 Kudos
0
22
Reply