Should the merchant complete multiple SAQ, when multiple processing environments are in place ?

Cybercrime PCI today 120 99 4

Background
share close

Merchants should always contact their acquirer (merchant bank), or payment brand directly to understand their compliance validation obligations, including which SAQ they may be eligible to use. Contact details for the payment brands can be found at the end of this post.

For multiple payment channels, it may be possible for a merchant to complete a different SAQ for each payment channel, or for a single SAQ to be used that addresses all the requirements for all channels combined.

If different SAQs are used, each channel must meet the eligibility criteria for the applicable SAQ, and adequate network segmentation must be in place to isolate the different channels.

In all cases, details of the environment(s) covered by a SAQ must be documented in the Attestation of Compliance, Part 2: Executive Summary.

Contact the payment brands and/or acquirer (merchant bank) for more information about PCI compliance programs. Contact details for the payment brands are provided below:

NameWebsiteEmail
American Expresshttp://www.americanexpress.com/datasecurity  AmericanExpressCompliance@trustwave.com
Discoverhttps://www.discovernetwork.com/en-us/business-resources/fraud-security/pci-rules-regulations/  DISCCompliance@discover.com
JCBhttp://www.global.jcb/en/products/security/data-security-program/  riskmanagement@info.jcb.co.jp
MasterCardhttp://www.mastercard.com/sdp  sdp@mastercard.com
Visa Canada, the U.S., Latin America and the Caribbeanhttp://www.visa.com/cispcisp@visa.com
Visa Europehttp://www.visaeurope.com/aisdatasecuritystandards@visa.com  – for member and merchant requirements      pcidsseurope@visa.com  – for service provider requirements  
Visa Asia Pacifichttps://www.visa.com.sg/support/small-business/security-compliance.html – for member and merchant requirements        https://www.visa.com.sg/partner-with-us/pci-dss-compliance-information.html – for service provider requirements  vpssais@visa.com – for member and merchant requirements        pciagents@visa.com – for service provider requirements
Visa Central Europe, Middle East & Africahttp://www.visa.com/cisppcicemea@visa.com
Visa PIN Security Programhttp://www.visa.com/pin 

Written by: PCI

Tagged as: , , , , , , , .

Rate it
Previous post
EN