Understand your route to PCI DSS compliance
To understand how the PCI DSS applies to your organisation, it’s important to refer to each card payment brand’s PCI validation requirements.
As a general rule, merchants and service providers will fall into one of four levels, based on the annual volume of card data transacted. Categorisation will affect the minimum standards expected and the requirement to complete either a Self-Assessment Questionnaire (SAQ) or a Report on Compliance (ROC). All level one merchants and service providers – organisations that process millions of transactions annually – are required to undergo an onsite assessment.
The SAQ comes in several versions, and it is important to choose the most appropriate one for the payment scenario.
Which PCI SAQ is right for your organisation?
Merchants are encouraged to contact their merchant bank (acquirer) or the applicable payment brand(s) to identify the appropriate SAQ based on their eligibility. The main PCI SAQ types are listed below:
PCI SAQ A
PCI SAQ A-EP
PCI SAQ B
PCI SAQ B-IP
PCI SAQ C
PCI SAQ C-VT
PCI SAQ P2PE-HW
PCI SAQ D