How do PCI DSS Requirements 2 and 8 apply to SAQ A merchants?

PCI SSC has clarified the new requirements 2.x and 8.x included in SAQ A v3.2. According to FAQ 1439, these new requirements apply to all redirection servers in e-commerce and MOTO payment channels.

“E-commerce merchants that redirect customers from their website to a third party for payment processing will need to validate these requirements for the webserver upon which the redirection mechanism is located.”

This may cause some issues, especially if user management processes for web servers have been outsourced to a third-party service provider.

