From time to time on this blog I attempt to encourage, persuade, cajole, manipulate and even frighten merchants and business owners processing credit cards to get their business PCI compliant before it’s too late. But as is often the case with esoteric and unfamiliar tasks, there is still a surprising number of merchants who haven’t taken the time to look into PCI compliance for their business. Part of the reluctance to get started may be that it seems too complicated or overwhelming. For a business owner whose computer literacy ends at knowing how to send an email or google a topic, which is all they’ve ever needed to know how to do, the language and questions in the PCI DSS (Payment Card Industry Data Security Standard) must seem particularly daunting.
What you may not know, if you’ve been put off by the technical jargon, is that not every merchant has to complete the same SAQ (Self-Assessment Questionnaire) for PCI compliance. There are four versions of the PCI DSS to accommodate the variety of processing methods and processing environments that differ from one business to another. The four SAQ versions are designated A, B, C, and D, followed by the version number. The old 1.2 version is not valid after January 1st, 2012, and any new SAQ submitted after that date must be version 2.0.
SAQ type D is the most comprehensive of the assessments and is required for all merchants processing via ecommerce or another public network, and if the merchant stores sensitive authentication data in electronic format.
SAQ type C is shorter and is required for all merchants processing via a public network or whose processing system communicates via an internet protocol connection.
For more detailed information about which SAQ is right for you, see our homepage. If your business processes credit cards and is not yet PCI compliant, or needs to re-validate its PCI compliance, we can show you how to do it for free.