Latest Changes to PCI DSS SAQ A

The Payment Card Industry Security Standards Council (PCI SSC) released an updated SAQ A for merchants yesterday (30th January), introducing some key changes.

Key Updates:

  • Removal of Requirements 6.4.3 and 11.6.1: These payment page security requirements have been removed from SAQ A.

  • Removal of Requirement 12.3.1: This requirement for a Targeted Risk Analysis supporting Requirement 11.6.1 has also been removed.

  • Addition of New Eligibility Criteria: Merchants must now confirm that their site is not susceptible to script-based attacks that could impact their e-commerce system(s).

Important Dates:

Two versions of SAQ A are currently available:

  • The October 2024 version remains valid until March 31, 2025.

  • The January 2025 version, incorporating these updates, is available now but takes effect on March 31, 2025, alongside PCI DSS v4.0.1.

The new version of SAQ A can be found in the PCI SSC Document Library.

If you have any questions about how these updates affect your business or you require clarification, please contact our friendly team today. 
