In this blog installment, I want to provide you with an SAQ A policy set that would cover those merchants that have outsourced all of their processing to a PCI-compliant third party. (Note that there is a significant difference between SAQ A and SAQ A-EP. … Read more
How PayPal relates to PCI compliance There is some confusion among online businesses over how PayPal payment acceptance relates to PCI compliance. You may have heard that by using PayPal, your business is not subject to the PCI DSS. The truth is, even accepting PayPal payments … Read more
Confused about PCI SAQ 3.1? It’s been almost two years since the PCI Security Standards Council introduced SAQ A-EP into its self-assessment questionnaire framework, but many online businesses are still confused about whether they should validate using it. Much of the confusion is over the … Read more
What Do Small Merchants Need to Do to Achieve PCI Compliance?. The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation. You’ve also just been informed that there are penalties – … Read more
Taking a firm stance on the security of partially outsourced e-commerce sites. When the new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) were released earlier this year, my colleagues and I closely read them to understand the potential impact on self-assessing merchants as well … Read more
The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading … Read more