From the course: Safeguarding Customer Credit Card Data: PCI Compliance (2019)
SAQs and ROCs
- There are multiple different kinds of SAQs, and which one is completed must be carefully established by the organization, typically with the assistance of a PCI expert. The least exposure a merchant has is where they have a physical device which is connected to a phone line or public network. In that instance, they have essentially zero exposure to the credit cards other than when the customer swipes, and can do an SAQ B. If they have a physical swipe device connected to their store network, they would have to complete an SAQ B-IP. Another example is an SAQ C-VT, which is for a merchant whose sales team enters cards into an outsourced virtual payment terminal. For example, an accountant may enter credit card sales directly into an online form entirely managed by their payment processor. An SAQ D includes all the controls that make up the current PCI version. This is required for merchants with significant exposure to the…