The Payment Card Industry Self-Assessment Questionnaire (PCI SAQ) is a mandatory verification tool that all card-accepting businesses must complete in order to determine their compliance level with the PCI Data Security Standard.
Although it is a self-assessment, you are required to send the results to your payment provider to remain in good standing. This annual test is required, even if you already use a BluePay PCI-compliant payment gateway to process incoming transactions.
Which PCI SAQ Is Right for Your Business?
PCI SAQ is not a universal assessment. There are 8 separate tests available. Which one to take ultimately depends on the type of organization you run, and how you and your payment provider handle credit card data.
- A: For online and phone-based businesses that outsource their payment processing 100 percent.
- A-EP: For online and phone-based businesses that partially outsource payment processing.
- B: For businesses that connect to phone line terminals.
- B-IP: For businesses with IP-connected payment processing terminals.
- C-VT: For businesses that use virtual terminals on a single computer.
- C: For businesses that use the Internet but don’t have electronic cardholder data storage.
- P2PE-HW: For businesses that only use POS terminals equipped with point-to-point encryption (P2PE).
- D: For all other businesses that don’t fit into one of the categories above.
Note that your qualifying category from previous years may no longer be the same. This is because the PCI SAQ has undergone important changes with the adoption of PCI 3.0. There are new questions, fields and requirements that didn't exist under PCI 2.0.
Fortunately, ease of use is arguably the most important difference between PCI 2.0 and 3.0. The most recent version of PCI SAQ provides a lot more guidance, making it easier to complete the self-assessment.
What Role Does BluePay Play in the PCI Compliance Assessment?
We admit that this annual assessment can be tedious, but it's important since PCI-compliance can protect you from penalties and fraudulent losses. This is why we do everything in our power to ensure that our clients complete the assessment with as few inconveniences as possible.
We’ve provided a number of free resources to help you get started:
- You can read about our PCI compliance and what steps we take to protect your customers’ financial data.
- This FAQ Page includes some of the most common questions merchants have about payment processing security.
- Here is a useful article on PCI SAQ Forms and how to fill them out properly.
- We’ve also provided a tutorial video that walks you through the most important steps.
- When you’re ready to take the self-assessment, visit our dedicated BluePay PCI SAQ Page (hosted by ControlScan).
Still Need Help With PCI SAQ?
If you have questions about the PCI compliance assessment questionnaire or the difference between PCI 2.0 and 3.0, don't hesitate to contact our merchant services team today.
Alternatively, you can email ControlScan directly at firstname.lastname@example.org.