PCI Compliance SAQ A-EP Policy Template and Requirements

December 17, 2020 • Categories: PCI 101

In the last installment of the blog covering policy, we discussed SAQ A. The Self-Assessment Questionnaire (SAQ) A is designed for merchants who have outsourced relatively everything to a PCI compliant third party, and all payment pages are served from that entity. But what if … Read more

PayPal and the PCI DSS

January 28, 2016 • Categories: Industry Topics

How PayPal relates to PCI compliance
There is some confusion among online businesses over how PayPal payment acceptance relates to PCI compliance. You may have heard that by using PayPal, your business is not subject to the PCI DSS. The truth is, even accepting PayPal payments … Read more

PCI SAQ 3.1: E-Commerce Options Explained

January 12, 2016 • Categories: Industry Topics

Confused about PCI SAQ 3.1? It’s been almost two years since the PCI Security Standards Council introduced SAQ A-EP into its self-assessment questionnaire framework, but many online businesses are still confused about whether they should validate using it. Much of the confusion is over the … Read more

Five PCI DSS 3.0 “Best Practices” About to Become Required

May 18, 2015 • Categories: Industry Topics

When PCI DSS v3.0 became effective January 1, 2015, businesses were allowed an additional six months’ leeway on a handful of requirements. During that time period, these “evolving requirements” could be considered “best practices” rather than must do’s. As of July 1, 2015, however, these … Read more

SAQ A vs. A-EP: What E-Commerce Merchants, Service Providers Need to Know Now

June 12, 2014 • Categories: Industry Topics

Taking a firm stance on the security of partially outsourced e-commerce sites. When the new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) were released earlier this year, my colleagues and I closely read them to understand the potential impact on self-assessing merchants as well … Read more

New SAQ A-EP Addresses E-Commerce Merchants Using Payment Redirects

March 7, 2014 • Categories: Industry Topics

The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading … Read more