Web Design and SEO Blog
Why Your Ecommerce Business Needs PCI Complianceby Mira Brody in Development, Security, Tools & Tips
What’s Involved In Getting Compliant
SAQ stands for Self Assessment Questionnaire. There are several different questionnaires depending on how the merchant process credit cards and three of them are specific to merchants taking credit cards online:
SAQ-A — This is the most basic level of compliance and the one that any small merchant would want to qualify in. It requires only the questionnaire for compliance, no quarterly vulnerability scans and no annual penetration test. To qualify, no credit card data can ever be seen by the merchant’s website and payments must be processed through either an iframe, or secure url belonging to a processor that is PCI compliant (such as NMI).
SAQ A-EP — This level of compliance requires quarterly vulnerability scans, and annual penetration testing. This applies when Credit card information is entered directly into the merchant website and is used primarily by larger ecommerce sites with a high volume of transactions.
SAQ D — This level of compliance applies to any site that processes credit card data in any way before transmitting it to the approved processor. SAQ D also requires annual penetration testing and quarterly scans and a much more complex questionnaire.
JTech has implemented the appropriate requirements of the PCI DSS to provide our business clients with layers of security to make it much more difficult for attackers to gain access to payment card data. We implement PCI processes to enhance defense, strengthen security and simplify compliance. If you have any questions about PCI compliance for your business, feel free to reach out.