[fusion_builder_container type="flex" hundred_percent="no" hundred_percent_height="no" hundred_percent_height_scroll="no" align_content="stretch" flex_align_items="flex-start" flex_justify_content="flex-start" flex_wrap="wrap" hundred_percent_height_center_content="yes" equal_height_columns="no" container_tag="div" hide_on_mobile="small-visibility,medium-visibility,large-visibility" status="published" spacing_medium="" spacing_small="" padding_dimensions_medium="" padding_dimensions_small="" border_sizes="" border_style="solid" box_shadow="no" box_shadow_blur="0" box_shadow_spread="0" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_position="center center" background_repeat="no-repeat" background_custom_size="" background_custom_size_medium="" background_custom_size_small="" fade="no" background_parallax="none" enable_mobile="no" parallax_speed="0.3" background_blend_mode="none" video_aspect_ratio="16:9" video_loop="yes" video_mute="yes" pattern_bg="none" pattern_custom_bg="" pattern_bg_color="" pattern_bg_style="default" pattern_bg_opacity="100" pattern_bg_size="" pattern_bg_blend_mode="normal" mask_bg="none" mask_custom_bg="" mask_bg_color="" mask_bg_accent_color="" mask_bg_style="default" mask_bg_opacity="100" mask_bg_transform="left" mask_bg_blend_mode="normal" render_logics="" logics="" absolute="off" absolute_devices="small,medium,large" sticky="off" sticky_devices="small-visibility,medium-visibility,large-visibility" sticky_transition_offset="0" scroll_offset="0" animation_direction="left" animation_color="" animation_speed="0.3" animation_delay="0" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0"][fusion_builder_row][fusion_builder_column type="1_1" align_self="auto" content_layout="column" align_content="flex-start" valign_content="flex-start" content_wrap="wrap" center_content="no" column_tag="div" target="_self" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" type_medium="" type_small="" type="1_1" flex_grow_medium="" flex_grow_small="" flex_grow="" flex_shrink_medium="" flex_shrink_small="" flex_shrink="" order_medium="0" order_small="0" dimension_spacing_medium="" dimension_spacing_small="" dimension_spacing="" dimension_margin_medium="" dimension_margin_small="" dimension_margin="" padding_medium="" padding_small="" padding="" hover_type="none" border_sizes="" border_style="solid" border_radius="" box_shadow="no" dimension_box_shadow="" box_shadow_blur="0" box_shadow_spread="0" background_type="single" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" lazy_load="avada" background_position="left top" background_repeat="no-repeat" background_custom_size="" background_custom_size_medium="" background_custom_size_small="" background_blend_mode="none" render_logics="" sticky="off" sticky_devices="small-visibility,medium-visibility,large-visibility" absolute="off" absolute_props="" filter_type="regular" filter_hover_element="self" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" transform_type="regular" transform_hover_element="self" transform_scale_x="1" transform_scale_y="1" transform_translate_x="0" transform_translate_y="0" transform_rotate="0" transform_skew_x="0" transform_skew_y="0" transform_scale_x_hover="1" transform_scale_y_hover="1" transform_translate_x_hover="0" transform_translate_y_hover="0" transform_rotate_hover="0" transform_skew_x_hover="0" transform_skew_y_hover="0" transform_origin="" transition_duration="300" transition_easing="ease" transition_custom_easing="" motion_effects="" scroll_motion_devices="small-visibility,medium-visibility,large-visibility" animation_direction="left" animation_color="" animation_speed="0.3" animation_delay="0" min_height="" last="no" link="" border_position="all"][fusion_text columns="" rule_size="" animation_direction="left" animation_color="" animation_speed="0.3" animation_delay="0" logics="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky"] If you’ve ever heard the term SAQ (sometimes pronounced like “sack”), they are referring to a Self-Assessment Questionnaire. PCI allows merchants who only process a certain number of transactions annually to complete a SAQ. If you are a service provider and are able to self-assess, the only SAQ you are allowed to use is SAQ D (Service Provider). Merchants are required to submit one or more SAQs based on the payment channel or channels that you support. You should always get confirmation from your acquiring bank on which SAQ or SAQs they need you to submit. Especially if you have multiple payment channels. Each SAQ has a set of criteria that you must meet in order to use that SAQ. If you do not meet these criteria, you will need to use a different SAQ. If you aren’t sure, please contact your bank. For every SAQ except D, you must confirm that you do not store any cardholder data. A data discovery tool (for example, card scanning) can be used to demonstrate that you do not store cardholder data. The table below provides a quick summary of each of the SAQs. [/fusion_text][fusion_table fusion_table_type="2" fusion_table_rows="9" fusion_table_columns="3" animation_direction="left" animation_speed="0.3" animation_delay="0" hide_on_mobile="small-visibility,medium-visibility,large-visibility"] SAQ Summary of Applicable Channel Allows Storage of CHD A Card-not-present merchants that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers. No storage, processing, or transmission of cardholder data on the merchant systems or premises. No A-EP E-commerce merchants who outsource all payment processing to PCI DSS validated third parties and who have one or more websites that don't directly receive cardholder data but can impact the security of the payment transaction. No storage, processing, or transmission of cardholder data on the merchant systems or premises. No B Merchants using either imprint machines and/or standalone, dial out terminals. No electronic storage of cardholder data. No e-commerce. No B-IP Merchants using standalone PTS-approved payment terminals with an IP connection to the payment processor. No electronic storage of cardholder data. No e-commerce. No P2PE Merchants using only hardware payment terminals included in and managed via a PCI SSC listed P2PE solution. No electronic storage of cardholder data. No e-commerce. No C Merchants with payment application systems connected to the internet. No electronic storage of cardholder data. No e-commerce. No C-VT Merchants who manually enter a single transaction at a time via a keyboard into an internet-based virtual terminal solution provided and hosted by a PCI compliant third party service provider. No electronic storage of cardholder data. No e-commerce. No D All other merchants not included in the descriptions above. Merchants with multiple payment channels. Merchants that store cardholder data. If Protected [/fusion_table][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

What is a SAQ?

If you’ve ever heard the term SAQ (sometimes pronounced like “sack”), they are referring to a Self-Assessment Questionnaire.

PCI allows merchants who only process a certain number of transactions annually to complete a SAQ.

If you are a service provider and are able to self-assess, the only SAQ you are allowed to use is SAQ D (Service Provider).

Merchants are required to submit one or more SAQs based on the payment channel or channels that you support. You should always get confirmation from your acquiring bank on which SAQ or SAQs they need you to submit. Especially if you have multiple payment channels.

Each SAQ has a set of criteria that you must meet in order to use that SAQ. If you do not meet these criteria, you will need to use a different SAQ. If you aren’t sure, please contact your bank. For every SAQ except D, you must confirm that you do not store any cardholder data. A data discovery tool (for example, card scanning) can be used to demonstrate that you do not store cardholder data.

The table below provides a quick summary of each of the SAQs.

SAQ	Summary of Applicable Channel	Allows Storage of CHD
A	Card-not-present merchants that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers. No storage, processing, or transmission of cardholder data on the merchant systems or premises.	No
A-EP	E-commerce merchants who outsource all payment processing to PCI DSS validated third parties and who have one or more websites that don’t directly receive cardholder data but can impact the security of the payment transaction. No storage, processing, or transmission of cardholder data on the merchant systems or premises.	No
B	Merchants using either imprint machines and/or standalone, dial out terminals. No electronic storage of cardholder data. No e-commerce.	No
B-IP	Merchants using standalone PTS-approved payment terminals with an IP connection to the payment processor. No electronic storage of cardholder data. No e-commerce.	No
P2PE	Merchants using only hardware payment terminals included in and managed via a PCI SSC listed P2PE solution. No electronic storage of cardholder data. No e-commerce.	No
C	Merchants with payment application systems connected to the internet. No electronic storage of cardholder data. No e-commerce.	No
C-VT	Merchants who manually enter a single transaction at a time via a keyboard into an internet-based virtual terminal solution provided and hosted by a PCI compliant third party service provider. No electronic storage of cardholder data. No e-commerce.	No
D	All other merchants not included in the descriptions above. Merchants with multiple payment channels. Merchants that store cardholder data.	If Protected

What is a SAQ?

About the Author: user

Leave A Comment Cancel reply

Recent News

CCWs, Custom Testing, and INFIs – Oh My!

CryptoCurrency Security Standard (CCSS) – Certification Process in Detail

CryptoCurrency Security Standard (CCSS) – How Does the Peer Review Process Work?

Explaining the CryptoCurrency Security Standard (CCSS) Qualified Service Provider and Full System Certified Designations

CryptoCurrency Security Standard (CCSS) – Selecting a CCSS Auditor (CCSSA)

Services

What is a SAQ?

Share This Story, Choose Your Platform!

About the Author: user

Leave A Comment Cancel reply

Recent News

CCWs, Custom Testing, and INFIs – Oh My!

CryptoCurrency Security Standard (CCSS) – Certification Process in Detail

CryptoCurrency Security Standard (CCSS) – How Does the Peer Review Process Work?

Explaining the CryptoCurrency Security Standard (CCSS) Qualified Service Provider and Full System Certified Designations

CryptoCurrency Security Standard (CCSS) – Selecting a CCSS Auditor (CCSSA)

Services