c/side Media Alert: What E-Commerce Businesses Must Know About Recent PCI DSS Updates

The new requirements add client-side security attestation for e-commerce merchants using third-party payment providers

SAN FRANCISCO, Feb. 06, 2025 (GLOBE NEWSWIRE) — c/side, a cybersecurity company with tools for monitoring, optimizing, and securing vulnerable browser-side third-party scripts, today highlighted new self-attestation requirements introduced in recent PCI updates ahead of the March 31, 2025, compliance deadline.

The Payment Card Industry Security Standards Council (PCI SSC) introduced significant changes to Self-Assessment Questionnaire A (SAQ A) on January 30, 2025. While SAQ A has traditionally offered a simplified compliance path for low-risk merchants not storing cardholder data, the update adds a crucial requirement: merchants must now confirm their e-commerce systems are protected against client-side script attacks to maintain their SAQ A qualification status.

“E-commerce businesses must now self-attest that their site is secure against client-side web script attacks,” said Simon Wijckmans, CEO and founder, c/side. “This change presents compliance challenges, especially for merchants relying on third-party payment providers, as many lack the expertise to assess client-side risks. Without the right protections, they may no longer qualify for SAQ A. The best way to ensure PCI DSS 4.0.1 compliance is to continuously monitor the client-side environment in real-time and stay ahead of evolving threats.”

What e-commerce merchants must know:

• Critical March 31 deadline: Merchants must verify (and attest to) their protection against client-side attacks to maintain SAQ A qualification under PCI DSS v4.0.1.
• Expanded merchant responsibility: While requirements 6.4.3 and 11.6.1 are no longer mandatory, merchants must now actively demonstrate client-side security measures.
• Hidden vulnerabilities in modern e-commerce: Third-party payment providers do not automatically protect against script manipulation, leaving payment data exposed to sophisticated attacks.
• Escalating risk environment: Client-side attacks have been rising fast and affecting merchants both large and small.

Additional resources:

• c/side blog with more detail: PCI SSC Updates SAQ A for PCI DSS 4.0.1 – What you need to know
• c/side press release on PCI compliance capabilities: c/side Launches PCI Compliance Dashboard for New PCI DSS 4.0.1 Requirements
• PCI Security Council blog: Important Updates Announced for Merchants Validating to Self-Assessment Questionnaire A

About c/side

c/side is a forward-thinking cybersecurity startup focused on browser-side detection and protection. Led by industry expert Simon Wijckmans, c/side is pioneering technologies to shield against sophisticated cyber threats, ensuring unparalleled security standards for users across the web.

Contact
Kyle Peterson
[email protected]

Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. UKNewshour.com takes no editorial responsibility for the same.