Should the merchant complete multiple SAQ, when multiple processing environments are in place ?

Cybercrime PCI today 125 99 4

Background
share close

Merchants should always contact their acquirer (merchant bank), or payment brand directly to understand their compliance validation obligations, including which SAQ they may be eligible to use. Contact details for the payment brands can be found at the end of this post.

For multiple payment channels, it may be possible for a merchant to complete a different SAQ for each payment channel, or for a single SAQ to be used that addresses all the requirements for all channels combined.

If different SAQs are used, each channel must meet the eligibility criteria for the applicable SAQ, and adequate network segmentation must be in place to isolate the different channels.

In all cases, details of the environment(s) covered by a SAQ must be documented in the Attestation of Compliance, Part 2: Executive Summary.

Contact the payment brands and/or acquirer (merchant bank) for more information about PCI compliance programs. Contact details for the payment brands are provided below:

NameWebsiteEmail
American Expresshttp://www.americanexpress.com/datasecurity  [email protected]
Discoverhttps://www.discovernetwork.com/en-us/business-resources/fraud-security/pci-rules-regulations/  [email protected]
JCBhttp://www.global.jcb/en/products/security/data-security-program/  [email protected]
MasterCardhttp://www.mastercard.com/sdp  [email protected]
Visa Canada, the U.S., Latin America and the Caribbeanhttp://www.visa.com/cisp[email protected]
Visa Europehttp://www.visaeurope.com/ais[email protected]  – for member and merchant requirements      [email protected]  – for service provider requirements  
Visa Asia Pacifichttps://www.visa.com.sg/support/small-business/security-compliance.html – for member and merchant requirements        https://www.visa.com.sg/partner-with-us/pci-dss-compliance-information.html – for service provider requirements  [email protected] – for member and merchant requirements        [email protected] – for service provider requirements
Visa Central Europe, Middle East & Africahttp://www.visa.com/cisp[email protected]
Visa PIN Security Programhttp://www.visa.com/pin 

Written by: PCI

Tagged as: , , , , , , , .

Rate it
Previous post
EN