A common question on PCI compliance: “Do I need to be PCI compliant if my portal/app has a payment gateway?”

18.08.2015

The PCI Council provides a compliance validation tool, the Self-Assessment Questionnaires (SAQs), for all merchants.

These are divided into four parts: A, B, C and D. Which one applies depends on the type of business.

In the same way, service providers who handle credit card processing or storage on behalf of merchants also need to be PCI compliant.

SAQ A: Addresses requirements applicable to merchants who have outsourced all processing, transmission and storage of cardholder data.

SAQ B: Created to address requirements pertinent to merchants who process cardholder data via imprint machines or stand-alone dial-up terminals only.

SAQ C: Constructed to focus on requirements applicable to merchants whose payment application systems are connected to the Internet.

SAQ D: Designed to address requirements relevant to all service providers defined by a payment brand as eligible to complete an SAQ and those merchants who do not fall under the types addressed by SAQ A, B or C.

If an e-commerce merchant accepts credit card payments only via its website and, by using an API or a hosted page, does not handle, process or store credit card data, the merchant can qualify for SAQ A, the shortest of the four. It includes roughly 20 controls and can be completed very quickly.
