PCI SAQ 3.1: E-Commerce Options Explained

January 12, 2016 • Published Categories Industry TopicsTags , , , , , ,

Confused about PCI SAQ 3.1?

It’s been almost two years since the PCI Security Standards Council introduced SAQ A-EP into its self-assessment questionnaire framework, but many online businesses are still confused about whether they should validate using it. Much of the confusion is over the impact third-party hosting providers have on the e-commerce site’s PCI scope.

ControlScan has assembled a handy chart to help simplify the process of understanding which PCI SAQ 3.1 applies to the e-commerce payment acceptance method your organization uses:

3.1 SAQ Routing for the E-Commerce Merchant - ControlScan

The following set of graphics further depicts the payment card data flow in each of the 5 payment acceptance methods: SAQ 3-1 Ecommerce Options Explained-Examples-ControlScan

Looking for more PCI information?

For more information on PCI compliance self-validation, visit ControlScan.com.

Subscribe to this blog for additional tips and webinar announcements.

Leave a Comment