Card-not-present (eCommerce or Mail/Telephone-order) Merchants
- Your company accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
- Your company does not store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions;
- Your company has confirmed that the third party(s) handling storage, processing, and/or transmission of cardholder data is PCI DSS compliant;
- Your company retains only paper reports or receipts with cardholder data, and these documents are not received electronically;
- Your company does not store any cardholder data in electronic format; and
- You are not a merchant that accepts credit cards face-to-face from a customer.
Imprint-only or standalone dial-out terminal merchants with no electronic cardholder data storage
- Your company uses only an imprint machine and/or uses only standalone, dial-out terminals (connected via a phone line to your processor) to take your customers' payment card information;
- The standalone, dial-out terminals are not connected to any other systems within your environment;
- The standalone, dial-out terminals are not connected to the Internet;
- Your company does not transmit cardholder data over a network (either an internal network or the Internet);
- Your company retains only paper reports or paper copies of receipts with cardholder data, and these documents are not received electronically; and
- Your company does not store cardholder data in electronic format.
Web-based virtual terminals, no electronic cardholder data storage
- Your company's only payment processing is done via a virtual terminal accessed by an Internet-connected web browser;
- Your company's virtual terminal solution is provided and hosted by a PCI DSS validated third-party service provider;
- Your company accesses the PCI DSS compliant virtual terminal solution via a computer that is isolated in a single location, and is not connected to other locations or systems within your environment (this can be achieved via a firewall or network segmentation to isolate the computer from other systems);
- Your company's computer does not have software installed that causes cardholder data to be stored (for example, there is no software for batch processing or store-and-forward);
- Your company's computer does not have any attached hardware devices that are used to capture or store cardholder data (for example, there are no card readers attached);
- Your company does not otherwise receive or transmit cardholder data electronically through any channels (for example, via an internal network or the Internet);
- Your company retains only paper reports or paper copies of receipts; and
- Your company does not store cardholder data in electronic format.
Payment application systems connected to the Internet, no electronic cardholder data storage
- Your company has a payment application system and an Internet connection on the same device and/or same local area network (LAN);
- The payment application system/Internet device is not connected to any other systems within your environment (this can be achieved via network segmentation to isolate the payment application system/Internet device from all other systems);
- Your company store is not connected to other store locations, and any LAN is for a single store only;
- Your company retains only paper reports or paper copies of receipts;
- Your company does not store cardholder data in electronic format; and
- Your company's payment application software vendor uses secure techniques to provide remote support to your payment application system.
All other merchants and all service providers
- You are a SAQ-eligible merchant who does not meet the descriptions above; or
- You are a service provider defined by a payment brand as eligible to complete a SAQ.