
Completing the PCI Self-Assessment Questionnaire (SAQ)

According to payment brand rules, all merchants and their service providers are required to comply with the PCI Data Security Standard in its entirety. Part of this compliance is the completion of a Self-Assessment Questionnaire (SAQ) and Attestation of Compliance.

Use the table below to determine which SAQ/Attestation of Compliance applies to your business. Download the document here, complete it using the instructions provided in the document, and keep it on file at your place of business.

| Type of business | Required SAQ/Attestation |
|---|---|
| Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. (SAQ Validation Type 1) | A (Microsoft Word doc, 172 KB) |
| Imprint-only merchants with no electronic cardholder data storage (SAQ Validation Type 2), OR stand-alone terminal merchants, no electronic cardholder data storage (SAQ Validation Type 3) | B (Microsoft Word doc, 280 KB) |
| Merchants with POS systems connected to the Internet, no electronic cardholder data storage (SAQ Validation Type 4) | C (Microsoft Word doc, 360 KB) |
| All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. (SAQ Validation Type 5) | D (Microsoft Word doc, 1 MB) |

SAQs in other languages

If you have questions, refer to this SAQ Frequently Asked Questions (PDF: 32 KB). If your question is not answered there, contact MRA's John Mayleben at jmayleben@retailers.com or 800.366.3699.


Understanding the Compliance Process booklet

Prioritized_Approach_PCI_DSS_1_2.pdf (PDF: 1.4 MB)