If your organisation is a merchant that processes fewer than 6 million transactions annually, or is a service provider processing fewer than 1 million transactions a year, you may be able to report your Payment Card Industry Data Security Standard (PCI DSS) compliance using a self-assessment questionnaire (SAQ).
An SAQ is a validation tool intended to allow merchants and service providers to self-audit their compliance with the PCI DSS. There are several types of SAQ, designed to meet various scenarios.
Determining which SAQ best applies to your organisation can be difficult. However, failing to get your SAQ right can put cardholder and payment card details at risk, which in turn can harm your organisation. As such, it is important to take SAQs seriously and complete them correctly.
This green paper offers practical guidance on how to identify the right SAQ to achieve full compliance with the PCI DSS. It covers:
- The different types of SAQ; and
- How to identify which SAQ(s) your organisation needs to complete.