The Payment Card Industry's Data Security Standards requires Level 2-4 merchants to annually complete a Self Assessment Questionnaire (SAQ). The SAQ you are required to complete is determined by how you process credit cards and how your credit card processing systems are configured.
There are five validation types and four SAQs. The Validation Types are numeric, but not related to the Merchant Level. The SAQs are referenced by letter (A-D), with D being the most comprehensive questionnaire. The following table illustrates the various types. The second table allows you to determine which questionnaire is correct for you.
|A||This is for a card-not-present merchant (eCommerce or catalogue order) that outsources all of their credit card servicing.|
|B||This is for a card-present merchant (not eCommerce or catalogue order) that only uses imprint or direct phone for credit card servicing.|
|C||This is for a merchant that services their credit card using a computer connected to the Internet but not their internal network.|
|D||This is for everyone else (e.g., credit card servicing computer is connected to their internal network).|
You can use the questions below to determine the appropriate SAQ.
Daly Realism can help you fill out your self-validation form and design and implement your remediation efforts. A free basic self assessment questionaire is provided. This highlights areas that frequently cause problems and provide some advice for remediation.