What is EZPCISAQ.com?
A. EZPCISAQ.com was developed to present and promote awareness regarding Card Data Security and its compliance requirement.
It includes a validation tool named SAQ (Self Assessment Questionnaire), one of the requirement used to assist merchant with their PCI DSS compliance.
What is SAQ (Self Assessment Questionnaire)?
SAQ (Self Assessment Questionnaire) is a set of questions related to merchants’ business conduct in protecting credit card data securities.
Who needs to be in compliance?
All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as a requirement for organizations that process, store or transmit payment cardholder data.
Is PCI DSS required in countries outside of the United States?
PCI DSS is a global standard of any entity that stores, processes or transmit cardholder data regardless of geographic location.
Is there a due date?
SAQ (Self Assessment Questionnaire) is an annual requirement. Existing merchants must complete and be in compliance by June 30th of each year.
What if "I" choose not to be in compliance?
If merchant choose not to be in compliance, the payment brand can fine the merchant and possibly revoke merchant’s ability to process card payment.
I am a new merchant and my account was approved after the PCI DSS Compliance due date. Will I be fined?
New merchants will have 90 days from their account approval date to be in compliance.
I just need to answer "Yes" to all the questions to be in compliance?
No, answering "Yes" to all questions can place you in the wrong merchant level/type and not compliant with PCI DSS Regulations.
Completion of PCI DSS SAQ means I am safe?
Completion of PCI DSS Compliance shows merchant understands the minimum requirement to have a safe processing environment. Merchant who enforces those requirements is considered to be in compliance.
Did my contract stated anything about PCI Compliance?
Merchant's contractual agreement states that merchant will adhere to all the rules and regulations set forth by the card payment associations and PCI DSS Compliance is one part of the operation regulations.
Is this a law?
As of 2014, a total of 47 states have enact and adopted all or part of the PCI DSS Compliance into law.
These 47 states are:
Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, District of Columbia, Guam, Puerto Rico & Virgin Islands
What is card payment brands?
Card payment brands are Visa, MasterCard, Discover, American Express and JCB (Japan Commercial Bank).
Does PCI Compliance mean I will not get Chargeback, Retrieval issues?
No, PCI Compliance means that merchants understand and comply with the security measures needed to protect cardholder data from being stolen at merchant’s business location.
So what are Chargeback and Retrieval cases?
Chargeback and Retrievals are cases where the cardholder disputes the credit card payment given to merchant in regards to the services or goods received by cardholder.
I forgot my password.
You can reset the password by clicking on "forgot password" link located at login menu.