Latest Changes to PCI DSS SAQ A

The Payment Card Industry Security Standards Council (PCI SSC) released an updated SAQ A for merchants yesterday (30th January), introducing some key changes.

Key Updates:

Removal of Requirements 6.4.3 and 11.6.1: These payment page security requirements have been removed from SAQ A.
Removal of Requirement 12.3.1: This requirement for a Targeted Risk Analysis supporting Requirement 11.6.1 has also been removed.
Addition of New Eligibility Criteria: Merchants must now confirm that their site is not susceptible to script-based attacks that could impact their e-commerce system(s).

Important Dates:

Two versions of SAQ A are currently available:

The October 2024 version remains valid until March 31, 2025.
The January 2025 version, incorporating these updates, is available now but takes effect on March 31, 2025, alongside PCI DSS v4.0.1.

The new version of SAQ A can be found in the PCI SSC Document Library.

If you have any questions about how these updates affect your business or you require clarification, please contact our friendly team today.

Share this Article:

Insights

PCI DSS: Why Employee Churn Matters

When staff leave, knowledge often leaves with them. This article explores how high staff turnover quietly undermines PCI DSS compliance, where the risks appear, and how organisations can strengthen resilience despite change.

Third Party Risk Management, Ecosystem, The Evolution

Insights

Third-Party Risk Management: The Evolution

Third-Party Risk Management is evolving as supplier ecosystems grow more complex and risks change faster than traditional operating models can respond. Effective TPRM is continuous, contextual and actively owned. Blackfoot delivers TPRM as a managed, platform-led service, providing meaningful visibility and assurance. Read the full blog to learn more.

News

Blackfoot Turns 17

Blackfoot has spent the last 17 years supporting organisations to manage cyber risk, meet regulatory requirements and adapt to an evolving threat landscape. Privately owned and fully independent, our longevity ensures our focus remains firmly on our clients.

Speak to an Expert

Call us on +44 (0) 203 393 7795

We value what our customers think of us

Blackfoot are authentic, hard-working, flexible and committed. Finding a partner who has our best interests at heart, one who tries to find solutions that work for us as a customer is like gold-dust. I now consider Blackfoot as part of my trusted partner network for any future projects.

"As our business has expanded so quickly, we have had to learn and implement new policies, processes, controls internally and externally, upskill staff and manage 3rd parties differently, it’s been a heck of a learning curve. During the onboarding and kick off meetings the support exceeded what I was expecting. The support from Blackfoot was amazing."

I was very impressed with your project managers persistence and attention to detail. She clearly understood the technical side of the testing and was very patient and polite when chasing up due to slow / delayed responses on our side. Overall, the approach gave me confidence that the testing was being planned carefully and that Blackfoot were helping us get the best out of the plan.

"I’m pleased to have seen the account progress, I know your consultants have dedicated a lot of time to the project and I’m excited to report back to their transformation director in the new year around their latest level of data security and privacy maturity based on the investment they have made"

“ I would like to add my thanks as in previous years you have really supported us and helped us to renew our certification and the entire process has been smooth and painless, we are most grateful."

Get The Latest Industry News

We’ll keep you informed about potential risks and vulnerabilities that could impact your digital assets.