PCI DSS & SAQ-A

As a merchant accepting online payments, ensuring PCI DSS compliance is critical to safeguarding your customers and business. Partnering with Datatrans simplifies this process. Below, we explain the latest SAQ-A eligibility updates and how we help you meet evolving requirements.

PCI DSS v4.0.1 Updates (Effective March 31, 2025)

The PCI SSC has streamlined SAQ-A criteria for merchants outsourcing payment processing:

Removed Requirements:

  • 6.4.3 Authorization checks for scripts
  • 11.6.1 Integrity checks for payment pages

These controls are now managed by PCI-certified providers like Datatrans. Until March 31, 2025, existing SAQ-A templates remain valid, with the removed requirements marked as "not applicable". With Datatrans handling script security and payment page integrity, your responsibilities are reduced starting with v4.0.1.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized set of security standards designed to protect cardholder data and ensure secure payment environments. Developed by the Payment Card Industry Security Standards Council (PCI SSC), PCI DSS applies to any organization that collects, processes, stores, or transmits payment card information. This includes merchants, payment processors, acquirers, issuers, and service providers. Non-compliance can result in significant penalties, including fines, legal fees, forensic investigation costs, and mandatory security upgrades.

Implementing PCI DSS can be complex, especially without an existing security framework. At Datatrans, we help reduce your compliance burden by offering secure, encrypted payment solutions. By leveraging our tools, you minimize your exposure to cardholder data, significantly shrinking your PCI DSS scope.

Datatrans is a PCI DSS Level 1 Service Provider, the highest level of certification. We handle the security of cardholder data once it reaches our systems. Our environment is rigorously assessed annually by an independent QSA to ensure compliance. You are responsible for securing cardholder data before it reaches Datatrans. This includes ensuring secure data transmission and adhering to storage requirements based on your integration.

SAQ-A

Self-Assessment Questionnaire A (SAQ-A) is a form used in the context of PCI DSS compliance. It is a simplified version of the self-assessment questionnaires designed for merchants who handle cardholder data in a very limited way. Most Datatrans customers qualify for SAQ-A.

Do You Qualify for SAQ-A?

Unsure if you fit into the SAQ-A category? Contact us to confirm your eligibility based on your integration and transaction volume.

To reach or remain SAQ-A compliant, follow these rules:

  • Complete the SAQ-A questionnaire annually and retain records for three years.
  • Ensure payments are processed directly on Datatrans’ forms (customer-initiated payments): all elements of your payment pages (e.g., forms, scripts) must originate directly from a PCI DSS-compliant provider like us. If you integrate via our API, double-check with our team that the integration is compliant.
  • Never store, process, or transmit cardholder data. Avoid custom scripts interacting with payment fields. Use tokens instead of PANs.
  • Process less than 6 million annual transactions per card brand.
  • Make sure your website is not vulnerable to script-based attacks that could compromise payment flows.

The latest PCI DSS SAQ-A form can be downloaded here.