Every organization that accepts credit and debit cards must remain PCI compliant — regardless of the payment processing method used. This requirement exists whether you run a for-profit business or a nonprofit charity.
Failure to meet the guidelines set forth under the Payment Card Industry Data Security Standards (PCI DSS) can result in harsh penalties if and when card-related fraudulent activity occurs.
Worse still, your business or nonprofit could lose credibility.
In an age of data breaches, cardholders increasingly demand stronger protections to ensure their personal financial information remains safe from hackers and thieves. Diminished confidence in your payment processing’s security will likely lead to lost revenue.
But how do you determine whether your organization is PCI compliant?
Self-Assessment Questionnaires & PCI Validation
In order to verify your organization's PCI compliance, you must fill out an annual Self-Assessment Questionnaire (SAQ) form. This yearly validation step is mandatory — even if you currently use BluePay's highly secure PCI-compliant payment processing solutions.
Designed around a set of yes-or-no questions, the SAQ allows you to self-evaluate your payment processing's security readiness. In some cases, your acquiring bank may require that you share the results of each year's assessment.
There are four different types of SAQ forms — which one to fill out depends on how you use and store credit card information:
- SAQ Form A: For e-commerce, telephone and other card-not-present purposes — and for outsourced data functions.
- SAQ Form B: For dial-up terminals and imprint-only merchants who don’t store card data electronically.
- SAQ Form C: For payment systems connected to the Internet (if data are never stored electronically).
- SAQ Form D: For all other merchants who don’t meet the criteria above.
Note that although the SAQ is an annual requirement for most businesses, you may be required to conduct quarterly scans if you regularly process credit and debit cards online. To determine if you fall under this category, contact our merchant support team today.
How Do You Take the Self-Assessment Questionnaire?
As a BluePay client, taking the annual Self-Assessment Questionnaire is easy. You can either take the SAQ on your own or with the help of BluePay's payment processing team.
1. Taking the SAQ on Your Own
To get started, visit ControlScan’s dedicated BluePay SAQ page (you’ll need to provide your BluePay Merchant ID to successfully complete the questionnaire). Toward the top of the page, you’ll notice SmartSAQ — an online validation tool that offers:
- A streamlined and intuitive interface
- A set of mandated SAQ questions listed in a logical order
- Clear illustrations and explanations of important PCI-related concepts
If you ever get stuck, you can contact ControlScan directly by email (email@example.com).
2. Taking the SAQ through BluePay
At BluePay, we can help you properly fill out your yearly Self-Assessment Questionnaire. We can also answer any questions you might have about PCI compliance and secure credit card payment processing.
To have us walk you through the steps, schedule a free consultation with our merchant support team today.
One Final SAQ Consideration
Taking the annual (or quarterly) self-assessment moves you one step closer to PCI compliance. But successful completion of the questionnaire does not automatically mean that you are PCI compliant.
If you discover vulnerabilities in your payment processing, you must take proactive steps to fix any problems. Again, failure to do so could result in hefty fines and/or lost business revenue.
We can help you troubleshoot any PCI-related issues you may have. Schedule a free appointment with our merchant support team today.