Step 5: Completing the PCI DSS Self Questionnaire

For Level 2, Level 3 and, in some instances, Level 4 merchants and service providers, responding to the PCI Self Questionnaire is one validation requirement that must be met.

It is divided into six sections based on the 12 PCI DSS requirements.

It serves as a checklist of sorts, confirming that a merchant has completed the PCI DSS security steps to protect credit card data.

The questionnaire identifies any area of non-compliance.

Preparing to Answer

In order to properly answer the questionnaire, make sure to read and review the PCI Data Security Standard.

If, after going through the PCI DSS documents, your organization already meets the PCI SSC requirements, do the following:

  • Fill out the PCI Self Questionnaire.
  • Convert the questionnaire to a PDF file.
  • Send the document to your acquiring bank.

If your organization does not meet the PCI SSC requirements stated in the questionnaire, do the following:

  • Print and distribute the questionnaire to the appropriate authorities within your organization to obtain accurate answers.
  • Take the steps necessary to establish a set of correct answers.
  • Complete the questionnaire.

Scoring the Questionnaire

To send a valid PCI Self Assessment Questionnaire and be compliant per the PCI DSS, merchants/service providers have to answer all of the questions with a 'Yes' or 'N/A'.

If a merchant/service provider answers 'No' to any question, the organization is deemed 'Non Compliant.'

The security threat areas identified by the questionnaire must be resolved, in conjunction with recommendations from the selected ASV or QSA.

Organizations must continue to retake the questionnaire until all questions can be answered with a 'Yes' or 'N/A.'

Step 5: Sending the PCI DSS Questionnaire

Once the requirements have been met and the questionnaire has been completed, it should be sent to the merchant's acquiring bank alongside a successful PCI scan report from an approved scanning vendor.

In addition, if the organization's acquirer or credit card brand requires other certifying documentation beyond the questionnaire, those accompanying documents must also be sent to the acquirer.

Please check with your acquirer or credit card company for more information.

© 2008 PCI Compliance Guide.org
   All rights reserved - do not copy any material without written permission.