PCI Compliance Validation

All merchants must demonstrate and validate their PCI DSS compliance by completing a Self-Assessment Questionnaire (SAQ) annually and undergoing a Network Vulnerability Scan every three months.

To help your business meet its PCI DSS compliance validation requirements, we have teamed up with accredited Qualified Security Assessors (QSA) and Approved Scanning Vendors (ASV). Their vulnerability assessment and compliance management solutions provide the following benefits:

  • Scanning engine that tests for thousands of vulnerabilities
  • Online Self-Assessment Questionnaire
  • Detailed compliance status reporting
  • Vulnerability prioritization
  • Remediation services to address security vulnerabilities and achieve compliance more quickly
  • Comprehensive online support resources
  • Help desk support

Our partner in the UK and Europe is Trustwave. More information can be found at www.trustwave.com

Our partner in North America is Security Metrics. More information can be found at www.securitymetrics.com

Self-Assessment Questionnaire

There are five versions of SAQ to account for different merchant environments:

  • SAQ A: Card-not present merchants, all cardholder data functions outsourced
  • SAQ B: Merchants with only imprint machines or only stand-alone dial-out terminals. No electronic cardholder data storage
  • SAQ C-VT: Merchants using web-based virtual terminals to accept payment
  • SAQ C: Merchants with payment application systems connected to the internet, no electronic cardholder data storage
  • SAQ D: All service providers defined by a payment brand as eligible to complete an SAQ and all other merchants not included in description for SAQ types A, B, or C

Network Vulnerability Scan

The Network Vulnerability Scan is an automated, non-intrusive scan that assesses your network and web applications from the internet. The scan will identify any vulnerabilities or gaps that may allow an unauthorized or malicious user to gain access to your network and potentially compromise cardholder data.