How do PCI DSS Requirements 2 and 8 apply to SAQ A merchants?

PCI SSC has clarified the new requirements 2.x and 8.x included in SAQ A v3.2. According to FAQ 1439, these new requirements apply to all redirection servers in e-commerce and MOTO payment channels.

“E-commerce merchants that redirect customers from their website to a third party for payment processing will need to validate these requirements for the webserver upon which the redirection mechanism is located.”

This may cause some issues, especially if User Management processes for web servers have been outsourced to a Third Party Service Provider.

Jake Eliasz

Jake is a Chartered Lead Security Consultant with over 15 years' experience in Information Technology. Jake has performed many consultative engagements for retail, banking and government sectors in the EMEA region. Jake is currently focused on designing security controls, PCI DSS, PA DSS, ethical hacking and security risk/compliance. Prior to working for NCC Group, Jake worked as a Lead Security Consultant - QSA (Ambersail), Security Specialist (CreditCall) and Security Analyst (Symantec), where he designed, implemented and managed various security controls for large, distributed networks. Jake graduated from the University of Plymouth with an MSc degree in Information Security.
