looking for advice on selecting my PCI Compliance SAQ

I use the Customer Information Manager for storing customer data and capturing charges.  I capture the customer credit card through a website and then pass it through to the CIM using John Conde's PHP class. It is not stored on my system.
I'm having a difficult time selecting the correct Self Assessment Questionnaire for my annual PCI Compliance. Last year I registered as an A but am thinking that the CIM in this manner is an A-EP. Below are the guidelines for A vs A-EP.
SAQ A:

  • Merchant website is entirely hosted and managed by a PCI-compliant, third-party payment processor, OR
  • Merchant website provides an iframe or URL that redirects a consumer to a PCI-compliant, third-party payment processor, where no elements of the page originate from the merchant website.

SAQ A-EP:

  • Merchant website creates a payment form and “direct posts” payment data to PCI-compliant, third-party payment processor, OR
  • Merchant website provides an iframe or URL that redirects a consumer to a PCI-compliant, third-party payment processor, BUT some elements of the payment page originate from the merchant website.  (Elements would be JavaScript, CSS or any functionality that supports how the payment page is created.)

Does anyone have any thoughts, comments or suggestions?
pberce
Contributor