The Payment Card Industry Security Standards Council (PCI SSC) released an updated SAQ A for merchants yesterday (30th January), introducing some key changes.
Key Updates:
-
Removal of Requirements 6.4.3 and 11.6.1: These payment page security requirements have been removed from SAQ A.
-
Removal of Requirement 12.3.1: This requirement for a Targeted Risk Analysis supporting Requirement 11.6.1 has also been removed.
-
Addition of New Eligibility Criteria: Merchants must now confirm that their site is not susceptible to script-based attacks that could impact their e-commerce system(s).
Important Dates:
Two versions of SAQ A are currently available:
-
The October 2024 version remains valid until March 31, 2025.
-
The January 2025 version, incorporating these updates, is available now but takes effect on March 31, 2025, alongside PCI DSS v4.0.1.
The new version of SAQ A can be found in the PCI SSC Document Library.
If you have any questions about how these updates affect your business or you require clarification, please contact our friendly team today.