PCI DSS Req: 6.4.3 and 11.6.1
Readiness Self-Check.
In 60 seconds, see if your e-commerce environment meets the new PCI DSS requirements.
Readiness Score
PCI DSS 4.0.1
85%
READY
Req. 6.4.3
Script Integrity
Req. 11.6.1
Change Detection
SCRIPT ALERT
Unauthorized Script
cdn.tracker.io on /checkout
MONITORED
47
Scripts (24h)
What type of entity are you?
Merchant
You accept payment cards from customers for goods or services (e-commerce, retail, subscriptions)
Service Provider / Payment Processor (TPSP)
You store, process, or transmit cardholder data on behalf of merchants
How do you handle payments on your website?
SAQ A — Fully outsourced (redirect or iframe)
Redirect to TPSP or embed their form via iframe. You never touch card data. ~24 requirements.
SAQ A-EP — Your page hosts the payment form, TPSP processes
Your site controls the checkout page. Scripts on your page can impact payment security. ~140 requirements.
SAQ D — Direct processing, API, or complex architecture
You directly process, store, or transmit cardholder data. ~300+ requirements.
I’m not sure which SAQ applies
We’ll show the combined 6.4.3 & 11.6.1 checklist covering all SAQ types.
Your SAQ type
SAQ D (Service Provider) — the only SAQ for TPSPs. Covers all PCI DSS requirements plus service-provider-only obligations. Your checklist will include TPSP-specific 6.4.3 & 11.6.1 questions.
Annual card transaction volume
Level 1 — Over 6 million transactions/year
Annual ROC by QSA + quarterly ASV scans required.
Level 2 — 1 to 6 million transactions/year
Annual SAQ + quarterly ASV scans.
Level 3 — 20K to 1 million e-commerce transactions/year
Annual SAQ + quarterly ASV scans.
Level 4 — Under 20K e-commerce or up to 1M other/year
Annual SAQ + quarterly ASV scans (recommended).
Annual transaction volume (service provider)
Level 1 — Over 300,000 transactions/year
Annual ROC by QSA + quarterly ASV scans required.
Level 2 — Under 300,000 transactions/year
Annual SAQ D (Service Provider) + quarterly ASV scans.
0%
0 of 0
✓ 0✕ 0? 0