Any merchant that has applied to use our payment solutions and acquiring will need to fill out the relevant form
There are 4 forms available SAQ-A, SAQ B-IP, SAQ P2PE and SAQ-C-VT which are downloaded via this page below and are dependent the type of payment solutions you plan on using
POS Terminals that are Point-to-Point Encryption (P2PE) certified to process payments with secure cardholder data storage
Applicable products: All of our terminals are P2PE certified, so use this form if you have a Nexgo N86, Verifone T650p, A920Pro, A80, A77, S300, S800, S900, Q25, Sunmi P2 LITE SE, Sunmi P2 PRO, Sunmi P2 SMARTPAD, SmartOne Bank Pro, Xenteo Eco (and Yoneo readers), or IM30, as part of the P2PE axept solution that stores cardholder data
Download the SAQ P2PE form here
Standalone, IP-Connected, PTS Point-of-Interaction (POI) - A920 Payment Terminals connected to your internet (4G, Wi-Fi, Ethernet)
We only have one payment terminal, the A920, that processes Standalone, IP-Connected, PTS, Point-of-Interaction (POI) transactions, so please fill out this form if you use the A920 ONLY.
NOTE: The A920 is a different, older legacy payment terminal than our more common A920Pro and was not provided in a P2PE certified way, so you'll need to complete the longer SAQ B-IP form for this device.
Download the SAQ B-IP form here
Please use SAQ-A for Website Payments. This applies to merchants using our Online Payment Solutions to accept payment via their website.
Criteria: Merchants using our Website Payments checkout solution or Hosted Fields, that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers
Download the SAQ-A form here
You don't need to complete an SAQ if you're using Payment Links
Please use SAQ-C-VT for Virtual Terminal payments. This applies to merchants using the Virtual Terminal via our Merchant Portal to accept payment over the phone
Download the SAQ-C-VT form here
Merchants who use a combination of Online Payments and POS Terminals should fill out all the relevant SAQ forms for each payment solution:
POS Terminals that are Point-to-Point Encryption (P2PE) certified (all of our POS terminals) to process payments with secure cardholder data storage
Download the SAQ P2PE form here
Standalone, IP-Connected, PTS Point-of-Interaction (POI) - A920 Payment Terminals
Download the SAQ B-IP form here
Online Payments via a website:
Complete SAQ-A if they're using our Website Payments checkout, but
Download the SAQ-A form here
Payment Links:
You don't have to fill out an SAQ if you use Payment Links.
Virtual Terminal:
Merchants who also use the Virtual Terminal should also download and complete the SAQ-C-VT form here
From the above types, download the form that applies to your payment solution, print it and fill out the relevant sections of the form
Send us the signed, completed form to SAQenquiries@dnapaymentsgroup.com or simply click the Get in touch button below and attach it
The PCI DSS Self-Assessment Questionnaire (PCI SAQ) is a list of security standards that merchants must review and follow as s security measure needed to keep Cardholder Data secure. The SAQ is made up of questions that assess all 12 PCI DSS requirements. The SAQ is dependent on methods and level of transactions by each merchant.
Different SAQ types are described below
- SAQ-A. This applies to merchant onboarded for Website Payments via a checkout page
- SAQ B-IP. Your device is an A920 that connects using IP (Internet Protocol - or uses Wi-Fi, 4G, Ethernet) then please SAQ B-IP. This applies to merchants using PTS-approved point-of-interaction (POI) payment terminals (connected via IP to the payment processor). These PTS-approved point-of-interaction (POI) devices are listed on the PCS SSC website. The approved devices are segmented from any other systems and do not rely on any other devices to connect to the payment processor.
- SAQ P2PE. All of our terminals are P2PE certified to process transactions, so please fill this form out if you have a Nexgo N86, Verifone T650p, A920Pro, A80, A77, S300, S800, S900, Q25, Sunmi P2 LITE SE, Sunmi P2 PRO, Sunmi P2 SMARTPAD, SmartOne Bank Pro, Xenteo Eco (and Yoneo readers), or IM30, as part of the P2PE axept solution that stores cardholder data, unless you are using our older A920 terminal, which requires the longer SAQ B-IP
- SAQ-C-VT. This applies to Virtual Terminal users for payment over the phone.
To summarise, PCI DSS is there to help protect you, your business and your customers' data
PCI DSS SAQ stands for: 'Payment Card Industry Data Security Standard Self-assessment Questionnaire', and any merchant applying to use our payment solutions will need to download, complete and submit the relevant form
PCI DSS covers key aspects of security systems and applications including access control, vulnerability management, penetration testing, and intrusion detection. This aspect of security mainly protects credit card data and evasion of payment cardholder data.
Also, maintaining PCI compliance improve your organisation security posture, promote software integrity and cross-functional software security awareness, adoption, and efficiencies
However, non-compliance significantly increases the likelihood of data breaches and unauthorised access to Cardholder Data. PCI non-compliance can lead to organisations facing fines from payment processors. The fines ranges from £5000 to £100,000 a month depending on the size of the corporation and the seriousness of the non-compliance.
Should you require help at any stage of the process do not hesitate to contact us