The PCI Security Standards Council has updated the Self Assessment Questionnaires (SAQs) to reflect PCI DSS version 3.0 which becomes mandatory on January 1, 2015.
The next time you login to www.pcilogistics.com to validate compliance, you may notice that the SAQ criteria has changed. The system will walk you through a simple enrollment questionnaire to determine which SAQ you need to complete. If your SAQ level has not changed, there still may be additional requirements that will affect how you approach your SAQ.
One of the main changes to PCI DSS Version 3.0, was the introduction of two new SAQs; the SAQ A-EP and SAQ B-IP.
The SAQ A-EP applies to ecommerce merchants who outsource processing functions to a PCI DSS compliant third party service provider where the merchant website controls how the cardholder data is redirected to third party service providers. To be eligible, the merchant cannot store, process or transmit cardholder data on any of their systems or premises. Merchants that use Paygistix Web only for processing transactions would likely qualify for SAQ-A-EP.
The SAQ B-IP applies to merchants who process cardholder data only through standalone, PTS-approved point-of-interaction devices that have an IP connection to their payment processor and do not electronically store cardholder data. To be eligible, merchants must use an approved device such as an S80, S90, T4220, M4230 and most other IP terminals we sell (please contact us for additional information).
In an effort to make the shift to PCI DSS 3.0 as seamless as possible, Payment Logistics has worked with Control Scan, our Approved Scanning Vendor, to provide additional guidance throughout the SAQ process which can be completed online and accessed through www.pcilogistics.com. In addition, we are available to guide you through the SAQ process step-by-step. Contact our Customer Support team to set-up an SAQ appointment at 888.624.3687, M-F, 7:00am-5:30pm PST. If you are ready to get started, visit: www.pcilogistics.com.