Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the Payment Card Industry Data Security Standard (PCI DSS). For some organisations, demonstrating compliance will be a lengthy process, but those that handle fewer than six million transactions annually may be able to demonstrate compliance by completing a self-assessment questionnaire (SAQ).
There are nine types of SAQ, so it can be difficult to determine which one is appropriate for your organisation. Completing the wrong one may mean you are no longer compliant with the PCI DSS and you will not receive an accurate assessment of your security posture.
Did you know: The details of a single credit card are worth up to $100 (about £70) on the black market, according to Symantec’s 2017 Internet Security Threat Report.
The SAQ includes a checklist related to the PCI DSS’s twelve compliance requirements. This helps organisations evaluate their security practices and make sure they are taking the necessary steps to prevent a data breach. Organisations can also use the completed assessment to demonstrate to acquiring banks that they comply with the PCI DSS.
Watch our SAQ webinar
If you want to learn more about SAQs, watch PCI DSS: The self-assessment questionnaire. This free webinar is hosted by a PCI DSS expert, who will guide you through the different types of SAQ and their applicability to e-commerce, face-to-face, mail and telephone transactions.