Confused about PCI SAQ 3.1?
It’s been almost two years since the PCI Security Standards Council introduced SAQ A-EP into its self-assessment questionnaire framework, but many online businesses are still confused about whether they should validate using it. Much of the confusion is over the impact third-party hosting providers have on the e-commerce site’s PCI scope.
ControlScan has assembled a handy chart to help simplify the process of understanding which PCI SAQ 3.1 applies to the e-commerce payment acceptance method your organization uses:
The following set of graphics further depicts the payment card data flow in each of the 5 payment acceptance methods:
[Graphic: SAQ 3-1 Ecommerce Options Explained - Examples - ControlScan]
Looking for more PCI information?
For more information on PCI compliance self-validation, visit ControlScan.com.