New SAQ C-VT for Merchants Using Web-Based Virtual Terminals
A new Self-Assessment Questionnaire (SAQ) and Attestation of Compliance have been made available to merchants by the PCI Security Standards Council (PCI SSC). This new version, titled the SAQ C-VT, was developed for merchants that process cardholder data only through isolated virtual terminals on personal computers connected to the Internet.
The SAQ C-VT is a trimmed-down version of the SAQ C version 2.0. Where the SAQ C 2.0 has 80 requirements, the SAQ C-VT has only 51 requirements to meet to achieve compliance. To reach PCI DSS compliance for this merchant environment, the merchant must complete the SAQ C-VT and Attestation of Compliance, then submit both items and any other requested documentation to their acquirer.
Merchants who complete the SAQ C-VT and the associated Attestation of Compliance must confirm that:
- The company’s only payment processing is done via a virtual terminal accessed by an Internet-connected web browser.
- The company’s virtual terminal solution is provided and hosted by a PCI DSS validated third-party service provider.
- The company accesses the PCI DSS compliant virtual terminal solution via a computer that is isolated in a single location and is not connected to other locations or systems within the company's environment.
- The company’s computer does not have software installed that causes cardholder data to be stored.
- The company’s computer does not have any attached hardware devices that are used to capture or store cardholder data.
- The company does not receive or transmit cardholder data electronically through any channels.
- The company retains only paper reports or paper copies of receipts.
- The company does not store cardholder data in electronic format.
From the PCI SSC:
A virtual terminal is web-browser based access to an acquirer, processor or third party service provider website to authorize payment card transactions, where the merchant manually enters payment card data via a securely connected web browser. Unlike physical terminals, virtual terminals do not read data directly from a payment card. Because payment card transactions are entered manually, virtual terminals are typically used instead of physical terminals in merchant environments with low transaction volumes.
Those merchants who operate browser-based terminals should welcome this new SAQ version as it offers a questionnaire that is designed for their low volume of credit card transactions.




