Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            PCI-DSS and Self-Assessment Questionnaire (SAQ) Applicability

            Created by Richard Moore, Modified on Mon, 06 Nov 2023 at 09:37 AM by Richard Moore

            Getting Started


            There's a growing number of merchants contacting us asking for help in filling out their PCI Self-Assement Questionnaire (SAQ) forms. We can empathize with anyone going through this certification process as it is also something we have to endure every year as a mandatory part of our card processing service. Our PCI Certification accreditation information can be found here. The QSA auditors really want you to take the time and think hard about your systems and how your organization interacts with credit card data, specifically credit card numbers.


            Many of the important documents you'll need can be found on the PCI Security Standards Document Library page. A document that you will find critical in planning and determining the amount of effort you'll need.



            Finding Your Applicable Category


            Check out page 12, Selecting the SAQ and Attestation that Best Apply to Your Organization.  As they instruct, "Use the table to gauge which SAQ applies to your organization, then review the detailed descriptions to ensure you meet all the requirements for that SAQ."


            Here's a screenshot of the most recent version to give you a brief intro:



             The PCI Security Standards Document Library page contains links to each category's Self-Assessment Questionnaire.


            Applicability to E-xact


            It's critical that Merchants evaluate their whole payment solution as E-xact may only be a part of a broader payment system. For those Merchants that only use E-xact - here are some guidelines for chosing the appropriate SAQ:


            1. If the organization does not see, touch, or key-in any credit card numbers AND the only service used to take payment is the Hosted Payment Page service, then Category A may be applicable. There can be NO keying in of any credit card numbers within the Realtime Payment Manager application either through Virtual Point of Sale, Quick Key, or Recurring.
            2. If your organization is using any of the Virtual Point-of-Sale functionality including Quick Key or Recurring then Category C-VT may be the most applicable.
            3. If your organization is using our Web Service API, then Category D may be the most applicable.


            If you have any questions about E-xact's Services and applicabilities to SAQ's, send an email to our Support Team and we'll do our best to steer you. Your best reference always is to visit the PCI Security Standards Organization website and seek clarity there.


             


             





























              
              
              
              
              
              


             

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0