Viewing posts by Garrett Stiles

Self-Assessment Questionnaire C-VT Explained

With the newest version of the PCI DSS came a new SAQ type - SAQ C-VT. This particular SAQ form is geared toward a special branch of merchant. Even though SAQ C-VT qualifying merchants use the Internet to process credit card data, they do it in such a way that most of the responsibility of security is off-loaded to a third party. In order to qualify for SAQ C-VT, merchants must use a third party virtual terminal to process all credit card transactions.

Read More

Self-Assessment Questionnaire B Explained

Self-Assessment Questionnaire B is probably the most popular of all the SAQ types provided by the PCI SSC. SAQ B applies to the majority of small business retail stores. SAQ B applies to the most basic and traditional methods of processing credit card payments. It basically addresses the simplest processing methods, from old style card imprint machines to the basic telephone dial-up card terminals. With only a few more requirements over what is needed for SAQ A, SAQ B is a simple and straight forward questionnaire for reporting your PCI compliance.

Read More

Self-Assessment Questionnaire A Explained

Self-Assessment Questionnaire A is the most basic of all the PCI validation types. It was developed to address the needs of merchants who don't personally process any card data electronically. The requirements that apply to SAQ A merchants are very few. There are only two sections from the full PCI DSS that merchants must complete, for a total of 13 questions.

Read More

PCI Self-Assessment Questionnaire Explained

For the majority of merchants (levels 2 - 4) PCI compliance can be reported through the PCI SSC Self-Assessment Questionnaires (SAQ). Essentially the SAQ is a paired down list of requirements from the full PCI Data Security Standard (DSS). One key thing to remember however, is that just because the requirement doesn't show up on the SAQ questions, doesn't mean you don't have to follow it. With that said, the way the PCI SSC has configured the SAQ forms you probably don't have to worry about it too much. As long as you are using the correct form for the way you run your business you are good to go.

Read More

Survey Says...PCI Works

I had a chance to listen to a webinar yesterday and thought I would share my thoughts on it. It was based on a new study that just came out. The study was conducted by the Merchant Acquirer's Committee (MAC) and ControlScan. Basically they sent out a survey to a bunch of acquirers, banks, ISO, processors and agents. The goal was to look at PCI compliance for level 4 merchants from the perspective of the acquirer.

Read More


Call us at (214) 556-6613 or   CONTACT US