What is a Self-Assessment Questionnaire (SAQ) and why do I have to fill one out?
Depending on your bank, you may need to complete and sign a PCI-DSS self-assessment questionnaire to prove your compliance before starting to process payments with us. As you may know, the Payment Card Industry Data Security Standard (PCI-DSS) is recognized and followed industry-wide to protect consumer data in all types of transactions around the world. As a merchant, you will naturally come into contact with at least some consumer data. That is why it is super important to know what compliance is an how to observe it.
You will generally need to fill out one of two types of SAQs:
The PCI SAQ A, if you will be sending card payments on your website directly to us (you will not be storing the credit cards on your systems) or if you will be taking orders over the phone (or via mail). Note that in both cases, the physical card itself will not be in your possession.
Or the PCI SAQ C, if you will be accepting transactions on a Point-of-Sale (POS) device. For this questionnaire, it is assumed that the payment terminal stays online; you will not be electronically storing credit card data on any of your computers. Paper receipts are okay to print and keep.
Depending on how you will be accepting payments, you will need to fill out one questionnaire or the other (or both, if applicable). Again, depending on your bank, this may be necessary even if we will be handling all the consumer data.
However, please note that if you will be storing credit card data in your systems (only using our API), then there is a much higher level of compliance that you are obligated to show, you may be subject to compliance audits, need to perform security scans, etc. When considering all this, the fact that you may have to fill out a short questionnaire is little in comparison.