Merchants who are not required to undergo an on-site assessment under the Payment Card Industry Data Security Standard (PCI DSS) must instead complete the PCI DSS Self-Assessment Questionnaire (SAQ). The SAQ is a validation tool, not an authentication tool: a set of questions you answer about your own environment to confirm that it meets the requirements that apply to your business.
Here at Retail Secure, not only will we help you to fill out the PCI Self-Assessment Questionnaire, but we will make sure that your business is secure enough to answer it truthfully and pass. After all, the PCI DSS SAQ is designed to give you a clearer picture of your security status and practices, helping you to self-assess your business and expose the areas that a criminal could exploit to gain access to sensitive payment data.
You are required to provide adequate network security and to maintain a Cardholder Data Environment (CDE) that protects sensitive payment data. This is something we can help you to achieve. For the CDE, we isolate the Local Area Network (LAN) segment that carries payment traffic, so that the rest of your network has no route into it and the CDE can only reach the payment processor it needs. Segmentation is not itself a PCI DSS requirement, but it significantly lowers the risk of a data breach and narrows the part of your network that the SAQ questions apply to.
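The isolation described above is only as good as the firewall rules that enforce it, so it is worth checking them rather than assuming. The following is an added example, not Retail Secure's code or tooling: a small Python checker that evaluates a firewall ruleset (first match wins, implicit deny) against probes from each zone into and out of the payment VLAN. The address ranges, the processor endpoint and both rulesets are constructed for illustration; the "weak" ruleset shows the common mistake of a broad internal allow placed ahead of the CDE deny, which silently defeats the segmentation.

```python
"""Segmentation check for an isolated payment VLAN (added example, not Retail Secure's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed address plan, constructed for this example.
CDE = ipaddress.ip_network("10.20.0.0/24")            # payment terminal VLAN
CORPORATE = ipaddress.ip_network("10.10.0.0/16")      # back-office LAN
GUEST_WIFI = ipaddress.ip_network("192.168.50.0/24")  # customer WiFi
PROCESSOR = ipaddress.ip_network("203.0.113.10/32")   # acquirer endpoint (TEST-NET-3 placeholder)
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None matches any destination port


def decide(rules, src_ip, dst_ip, dport):
    """First-match evaluation with an implicit final deny, as most firewalls behave."""
    for r in rules:
        if src_ip in r.src and dst_ip in r.dst and r.dport in (None, dport):
            return r.action
    return "deny"


def probes():
    """One representative host per zone and the flows policy must allow or block.

    Each tuple is (description, src, dst, dport, expected decision)."""
    cde_host = ipaddress.ip_address("10.20.0.15")
    corp_host = ipaddress.ip_address("10.10.3.7")
    guest_host = ipaddress.ip_address("192.168.50.42")
    processor = ipaddress.ip_address("203.0.113.10")
    return [
        ("corporate -> CDE https", corp_host, cde_host, 443, "deny"),
        ("corporate -> CDE ssh", corp_host, cde_host, 22, "deny"),
        ("guest -> CDE https", guest_host, cde_host, 443, "deny"),
        ("CDE -> corporate smb", cde_host, corp_host, 445, "deny"),
        ("CDE -> guest http", cde_host, guest_host, 80, "deny"),
        ("CDE -> processor https", cde_host, processor, 443, "allow"),
        ("CDE -> processor telnet", cde_host, processor, 23, "deny"),
    ]


def segmentation_violations(rules):
    """Return the probe descriptions whose firewall decision differs from policy."""
    return [desc for desc, s, d, p, want in probes() if decide(rules, s, d, p) != want]


# Weak ruleset: the broad "internal to internal" allow sits before the CDE deny, so the deny never fires.
WEAK = [
    Rule("allow", ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")),
    Rule("deny", CORPORATE, CDE),
    Rule("allow", CDE, PROCESSOR, 443),
]

# Hardened ruleset: CDE may only talk to the processor on 443; everything else touching the CDE is denied.
HARDENED = [
    Rule("allow", CDE, PROCESSOR, 443),
    Rule("deny", CDE, ANY),
    Rule("deny", ANY, CDE),
    Rule("allow", CORPORATE, ANY),  # the back office still gets out, just not via the CDE
]

if __name__ == "__main__":
    print("weak ruleset violations:", segmentation_violations(WEAK))
    print("hardened ruleset violations:", segmentation_violations(HARDENED))
```

Running it against the weak ruleset reports the corporate-to-CDE and CDE-to-corporate flows as wrongly allowed; the hardened ruleset reports none. The same probe list can be reused against a real ruleset exported from the firewall, which is the evidence an assessor will ask for when you answer the segmentation questions.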
There are many ways we will make sure your network is secure. One of the strengths of our service is that we devise a security strategy for each merchant rather than applying a one-size-fits-all approach. After all, networks today face many threats, from malware such as spyware and viruses to targeted attacks and zero-day exploits. We will analyse every area of your business to determine the most effective controls to put in place, then use our extensive experience and current technology to deliver them.
If you have any questions about the PCI DSS Self-Assessment Questionnaire, or you would like to discover more about what we can do for your business, please do not hesitate to give us a call.
The PCI Self Assessment Questionnaire, commonly shortened to the PCI SAQ, is a must if you are to achieve PCI compliance. It is a validation tool designed to confirm that merchants meet the requirements that apply to them, and it is used by merchants who are not required to undergo an on-site assessment under the Payment Card Industry Data Security Standard (PCI DSS), which is a large proportion of businesses. With that said, read on to discover everything you need to know about it.
Before we delve deeper into the PCI Self Assessment Questionnaire, it is vital to establish what PCI compliance is for those who are unaware. The PCI DSS outlines 12 key requirements that all businesses need to follow if they are to achieve compliance. These requirements are designed to protect customer cardholder information, and therefore they apply to any business that takes payment by debit or credit card, irrespective of how frequently it does so or which cards it accepts. Because PCI DSS is not law, a lot of companies believe they do not have to follow it, but this is not the case: it is a contractual obligation under your agreement with your acquiring bank. If you are not compliant and you suffer a data breach, you can find yourself facing monumental fines. These are believed to range from £3,000 to £65,000, and that is only the money you will owe the bank. It does not include compensation costs, fraud losses, or the cost of fixing the security vulnerability. You really cannot afford to overlook PCI compliance at your business.
Now that you know a little more about PCI compliance for retailers, let's look at the PCI Self Assessment Questionnaire in further depth. The questionnaire is organised around the 12 PCI DSS requirements, which are grouped into six broader control objectives. All merchants need to complete the questionnaire in full. Every question must be answered: a blank is treated as non-compliance, 'Not Applicable' must be justified, and a 'No' means you are not compliant unless a documented compensating control covers it. A lot of retailers make the mistake of putting down the answers they believe are expected rather than a truthful response about their business. If you do this, you could find yourself in serious trouble. If a data breach occurs and you are shown not to be compliant, you will be under enough scrutiny as it is; add the fact that you misrepresented your position on the PCI Self Assessment Questionnaire, and you will face monumental fines and reputational damage. Instead, make the effort to achieve compliance, and you will have nothing to worry about.
It is also worth noting that there are nine different types of PCI Self Assessment Questionnaire, and you need to select the right one for your business. The questionnaire you use is determined by your 'validation type', i.e. the channels through which you accept cards and how cardholder data is handled. The options are A, A-EP, B, B-IP, C-VT, C, P2PE-HW, D-MER and D-SP. So, let's take a look at each one. 'A' is for card-not-present merchants (e-commerce or mail/telephone order) who have fully outsourced all cardholder data functions to PCI DSS validated third parties. 'A-EP' is for e-commerce merchants only: they outsource payment processing, but their website can influence the security of the payment transaction even though it does not directly receive cardholder data. 'B' is for merchants who use standalone dial-out terminals or imprint machines, with no electronic cardholder data storage. 'B-IP' is for merchants using standalone, PTS-approved payment terminals with an IP connection to the payment processor, again with no electronic cardholder data storage. 'C-VT' is for merchants who manually key transactions one at a time into an Internet-based virtual terminal that is hosted and provided by a PCI DSS validated third-party service provider.
The 'C' questionnaire is for merchants with payment application systems connected to the Internet who do not store cardholder data electronically. 'P2PE-HW' is for merchants that only use hardware payment terminals managed as part of a PCI SSC-listed P2PE solution. If you are a merchant and you do not fit into any of the categories above, 'D-MER' is for you. Finally, 'D-SP' is for service providers that a payment brand has defined as eligible to complete an SAQ. If you are still unsure which questionnaire applies to you, don't fret: you simply need an expert cyber security company that can take care of it for you. This is exactly what you can expect from Retail Secure, as we guarantee PCI compliance for all of our customers, so you can have peace of mind that your business is compliant and the threat of a data breach is considerably reduced.
When you choose Retail Secure, you can be certain that our network security solution maps directly onto the PCI Self Assessment Questionnaire. Our cyber security service, RetailCompli, is a Level 1 PCI DSS Certified Solution, assuring you of PCI compliance, and we will help you to fill in your SAQ so that everything is handled correctly. You can also take advantage of our optional add-on service, legally compliant guest WiFi, which is a great way to boost profits at your business. Discover more by taking a look at our website: www.retailsecure.co.uk.