Speak to an Expert Emergency

Latest Changes to PCI DSS SAQ A

The Payment Card Industry Security Standards Council (PCI SSC) released an updated SAQ A for merchants yesterday (30th January), introducing some key changes.

 Key Updates:

  • Removal of Requirements 6.4.3 and 11.6.1: These payment page security requirements have been removed from SAQ A.

  • Removal of Requirement 12.3.1: This requirement for a Targeted Risk Analysis supporting Requirement 11.6.1 has also been removed.

  • Addition of New Eligibility Criteria: Merchants must now confirm that their site is not susceptible to script-based attacks that could impact their e-commerce system(s).

Important Dates:

Two versions of SAQ A are currently available:

  • The October 2024 version remains valid until March 31, 2025.

  • The January 2025 version, incorporating these updates, is available now but takes effect on March 31, 2025, alongside PCI DSS v4.0.1.

The new version of SAQ A can be found in the PCI SSC Document Library.

If you have any questions about how these updates affect your business or you require clarification, please contact our friendly team today. 

Share this Article:

Related Articles

Speak to an Expert

Call us on +44 (0) 203 393 7795

We value what our customers think of us

Get The Latest Industry News

We’ll keep you informed about potential risks and vulnerabilities that could impact your digital assets.