by Natasja Bolton, Acquirer Support Manager
Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods.
For many merchants this auto selection of the SAQ is all they need to progress their compliance journey but for some ecommerce merchants – who often engage third parties such as developers, web hosting providers and payment service providers – there may be a need to better understand why their particular SAQ was selected for their ecommerce payment channel’s compliance assessment.
We find that there may be conflicts of opinion between those third parties and the PCI SSC when it comes to ecommerce SAQ selection.
In addition, larger merchants that engage directly with their acquirer to validate their compliance, do not have the advantage of the online compliance portal assisting them in the selection of their SAQ and instead have to rely on the guidance published by the PCI SSC, on advice provided by their third party service providers and they may call on their acquirer to confirm their SAQ selection.
Sysnet has produced a guide to Ecommerce SAQ Selection not only to help those merchants using online compliance portals understand why they are faced with a particular SAQ for their ecommerce PCI DSS compliance assessment but also to help you help your larger merchants select the appropriate SAQ for their ecommerce environment.
The selection of the correct ecommerce SAQ can be difficult due to the sheer variety and choice available to merchants for the hosting, platform, shopping cart, content management system or payment gateway integration of their ecommerce website. This guide seeks to present an easy-to-follow explanation of the SAQs applicable to ecommerce merchants and the criteria and features of each ecommerce SAQ.
Want to know more? Request a call back.
If you are a merchant that requires technical or PCI DSS help, please click here