PCI Compliance Guide: Self Assessment Questionnaire 1.2

The Payment Card Industry Data Security Standard (PCI DSS) compliance policy includes all merchants and service providers who accept, capture, store, transmit, or process credit and debit card data in any way.

 

Merchants and service providers must complete a Self-Assessment Questionnaire (SAQ) to validate their compliance with PCI DSS. All new Burlington Bank Card merchants must complete an SAQ within 90 days of account activation. After completing the SAQ, new merchants will be covered by Elavon’s PCI Compliance Program.

 

There are four unique questionnaires of which new merchants must complete one.

 

Please select from the links below to learn more about the SAQ questionnaire that applies to you.

 

SAQ 1.2 A – 13 Questions – Validation Type 1

  • Card Not Present Merchants only that outsource all parts of the credit card transaction. Data is only kept in paper reports. This is not a very commonly used SAQ. Most merchants will not use this SAQ.

SAQ 1.2 B – 23 Questions – Validation Type 2

  • The merchant only accepts payment cards using an imprint machine and does not keep any card data electronically. This is paper processing. Again, not very common. Most merchants will not use this SAQ.

      SAQ 1.2 B – 23 Questions – Validation Type 3

  • Merchants who use a stand alone, dial out terminal connected to a phone line. The terminal has no internet connection and no data is stored electronically. This is a very commonly used questionnaire. Most merchants using dial up terminals through the phone will complete this SAQ. Please note that it is Validation Type 3

SAQ 1.2 C – 41 Questions – Validation Type 4

  • Payment application is connected to the internet but is not connected to any other system w/in the network. No data is stored electronically. Most merchants using IP terminals connected via an internet connection will complete this SAQ. Many ecommerce merchants processing via a gateway will also complete this SAQ. Most merchants who do not maintain internal computer networks with more than one IP will complete this SAQ.

 SAQ 1.2 D – 223 Questions – Validation Type 5

  • Any merchant that does not fit any of the above categories and any eligible service provider. Most merchants will not use this SAQ. Merchants who store card data or maintain complex networks with more than one IP might complete this SAQ.