SAQ (Self-Assessment Questionnaires) Consulting Service

PCI DSS Self-Assessment Questionnaires (SAQs) are validation tools intended to help merchants and service providers report the results of their PCI DSS self-assessment. Merchants and service providers complete this form each year to evaluate their PCI DSS compliance and report it to the relevant parties.

The different types of SAQ are shown in the table below to help you determine which SAQ is appropriate for your organization. Detailed descriptions of each SAQ are provided in the current SAQ documents.

The TS ISO/IEC 15408 Common Criteria standard is a standard widely used worldwide in the field of product security.

Certification of the evaluation results provides a basic assurance that the security measures are adequate for the identified threats and that these measures have been correctly implemented in the product. The worldwide acceptance of the Common Criteria standard, and the validity of its evaluation results in many countries, benefit the parties involved. This standard, also known as TS EN ISO/IEC 15408, defines the assurance level of a software product or system according to the criteria of confidentiality, availability and integrity.

SAQ type and description

SAQ A
Card-not-present merchants (e-commerce or mail/telephone order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing or transmission of cardholder data on the merchant's systems or premises.
Not applicable to face-to-face channels.

SAQ A-EP
E-commerce merchants that outsource all payment processing to PCI DSS validated third parties and do not directly receive cardholder data, but whose websites may affect the security of the payment transaction. No electronic storage, processing or transmission of any cardholder data on the merchant's systems or premises.
Applicable to e-commerce channels only.

SAQ B
Merchants using only:
• Imprint machines with no electronic cardholder data storage; and/or
• Standalone, dial-up terminals with no electronic cardholder data storage.
Not applicable to e-commerce channels.

SAQ B-IP
Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels.

SAQ C-VT
Merchants that manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage.
Not applicable to e-commerce channels.

SAQ C
Merchants with payment application systems connected to the Internet, with no electronic cardholder data storage.
Not applicable to e-commerce channels.

SAQ P2PE-HW
Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage.
Not applicable to e-commerce channels.

SAQ D
SAQ D for Merchants: All merchants not covered by the descriptions for the SAQ types above.
SAQ D for Service Providers: All service providers defined by a payment brand as eligible to complete an SAQ.

CertBy provides PCI DSS consultancy, training, questionnaire completion services and QSA company approval services to your company.

Our company, which provides all services required for PCI DSS compliance by payment and electronic money institutions under Law No. 6493, also provides ISO 27001 consultancy, penetration testing and secure code development training. For more detailed information about our services, you can reach us at info@certby.com