Self-Assessment Questionnaire A Explained
Self-Assessment Questionnaire A is the most basic of all the PCI validation types. It was developed to address the needs of merchants who don't personally process any card data electronically. The requirements that apply to SAQ A merchants are very few. There are only two sections from the full PCI DSS that merchants must complete, for a total of 13 questions.
PCI Self-Assessment Questionnaire Explained
For the majority of merchants (levels 2 - 4) PCI compliance can be reported through the PCI SSC Self-Assessment Questionnaires (SAQ). Essentially the SAQ is a paired down list of requirements from the full PCI Data Security Standard (DSS). One key thing to remember however, is that just because the requirement doesn't show up on the SAQ questions, doesn't mean you don't have to follow it. With that said, the way the PCI SSC has configured the SAQ forms you probably don't have to worry about it too much. As long as you are using the correct form for the way you run your business you are good to go.
Survey Says...PCI Works
I had a chance to listen to a webinar yesterday and thought I would share my thoughts on it. It was based on a new study that just came out. The study was conducted by the Merchant Acquirer's Committee (MAC) and ControlScan. Basically they sent out a survey to a bunch of acquirers, banks, ISO, processors and agents. The goal was to look at PCI compliance for level 4 merchants from the perspective of the acquirer.