PCI DSS SAQ A Changes Introduce New Eligibility Criteria
/ 1 min read
🛡️💻 PCI DSS SAQ A Changes: New Eligibility Criteria Introduced for eCommerce Merchants. The Payment Card Industry Security Standards Council (PCI SSC) has announced modifications to Self Assessment Questionnaire A (SAQ A), removing two requirements (6.4.3 and 11.6.1) aimed at preventing script tampering on eCommerce sites. While this may simplify compliance for some merchants, a new eligibility criterion mandates that merchants must confirm their sites are not susceptible to script-based attacks. Failure to meet this criterion could lead to increased compliance requirements. Merchants are advised to conduct web application testing or implement the omitted requirements across their entire site to maintain eligibility. The changes take effect on April 1, 2025, prompting merchants to reassess their compliance strategies ahead of the deadline.
