Understanding the SAQ document
A Self-Assessment Questionnaire (SAQ) is a validation tool that helps service providers and merchants understand and gauge their compliance with the Payment Card Industry Data Security Standard (PCI DSS).
A total of eight questionnaires (A, A-EP, B, B-IP, C-VT, C, D, P2PE-HW) have been rolled out, one for each relevant type of service provider and merchant, so that each can see exactly where it stands on compliance. This helps to check whether the organization is compliant with PCI DSS or is still working towards the standard. SAQ A does not apply to face-to-face channels.
Overview of Self Assessment Questionnaire A
There is a lot involved in choosing the right self-assessment questionnaire for a service provider or merchant, and the choice corresponds to the volume of card payment transactions involved. Validation can be carried out through the SAQ document, which stands as a substitute for a formal audit.
For organizations that are looking only to meet the PCI DSS requirements, SAQ A is the best option. It is also the best option if the company does not handle many card payments.
Self-Assessment Questionnaire A is explained in detail below.
SAQ A merchants mostly handle mail/telephone orders, that is, card-not-present business that does not involve processing or transmitting cardholder data through their own systems in electronic format. When merchants outsource all cardholder data processing functions, the service providers who work on behalf of the merchant should be PCI compliant. It is vital for merchants to verify that their service providers follow and maintain SAQ A.
Merchants should adhere to the following key requirements:
- Paper copies of cardholder data must be either protected or deleted
- The service provider’s compliance should be verified
Merchants are eligible to choose SAQ A under the following conditions:
- When the company deals only with mail or telephone transactions (card-not-present transactions)
- When the merchant outsources all processing of cardholder data
- When all payment acceptance and processing are entirely outsourced to PCI DSS validated service providers
- When the merchant does not have direct access to the processing and transmission of cardholder data
- When the company depends completely on the third party to handle all card data processing
- The merchant should maintain paper receipts of cardholder data
Questions asked in the Self Assessment Questionnaire A
This questionnaire has the fewest questions of all the questionnaires.
- SAQ A contains just 14 questions to answer, and if you are able to give a positive answer to all 14, you meet the PCI compliance standards.
- The first set of 9 questions is all about the security of any physical paper receipts that contain customer data and how to protect them through their life cycle, from receipt to destruction. These questions are not applicable to merchants who do not have a physical copy of the client data.
- The other set of 5 questions is to check if the service providers are in compliance with the PCI DSS standards.