SAQ-D

Are you a Payment Facilitator, Gateway, Processor, Merchant Services provider, or an ecommerce merchant looking to secure self-attestation for your PCI-DSS compliance?

Let Cloud Armory help!

What is a PCI SAQ?

PCI-DSS is a security framework created and governed by the PCI Security Standards Council (PCI SSC). It is required by the card brands and acquiring banks (and by law in some US states) of any organization that stores, processes, or transmits cardholder data, such as the PAN (primary account number) and SAD (sensitive authentication data). Generally PCI-DSS is enforced by the acquiring bank on any organization passing card data to that bank for payment facilitation/settlement. This typically includes payment processors, gateways, and any merchant passing raw/plaintext card data through its network. A PCI-DSS ROC (report on compliance) is produced by a qualified security assessor (QSA), an assessor company certified by the PCI SSC, after auditing your environment to verify that it meets these security standards. However, organizations that do not perform these actions, or only perform a fraction of them, may only be required to complete a self-assessment known as a SAQ, of which there are several types depending on how card data is handled (SAQ-A, SAQ-D, etc.). The level of effort for a SAQ and its AOC (attestation of compliance) is generally lower than for a PCI-DSS ROC, and it may not require a QSA to complete. Not sure which is for you? We can provide free guidance. Regardless of whether you're performing a PCI-DSS ROC or a SAQ with AOC, we can help!

Which SAQ is right for me?

  • SAQ A: All payment processing is outsourced and you never handle any card data. This is the simplest path, at roughly 30 questions (as opposed to a full ROC, which covers every requirement in the standard, hundreds of test items in total). Generally this is for ecommerce/mail/telephone order merchants where no electronic storage, processing, or transmission of card data takes place on your systems, all payments are taken on a third-party hosted payment page, and no card readers are used.
  • SAQ A-EP: This is a SAQ A for ecommerce merchants whose website does not itself receive card data but does affect the security of the payment, for example by serving the JavaScript or embedded form that posts card data directly to the processor.
  • SAQ B: This is not for ecommerce environments. There is no electronic storage of card data, and the merchant uses imprint machines or standalone dial-out terminals. This isn't common.
  • SAQ B-IP: This is a SAQ B where a PTS-approved payment terminal is used with an IP connection directly to the processor.
  • SAQ C / C-VT: This is for merchants with a virtual terminal (VT) or payment applications that have internet connectivity (C) but no electronic storage of card data and no ecommerce.
  • SAQ P2PE: This is for merchants using a validated point-to-point encryption solution with no electronic storage of card data.
  • SAQ D / SAQ D for Service Providers: This is the most common SAQ and it is essentially all-encompassing. It applies to any merchant that does not qualify for one of the other SAQs (for example, it stores card data electronically, does not fully outsource processing, or does not use a P2PE solution) but is not required to complete a PCI-DSS ROC. SAQ D for Service Providers is the version for service providers that are eligible to self-assess.
  • SAQ SPoC: This is for merchants who have opted to implement the controls in the SPoC instructions provided by their SPoC Solution Provider.

Concerned about the audit process?

We’ll maintain everything from your routine daily maintenance all the way through frequency-based requirements, policy changes, scope declaration, evidence collection, interviews, and remediation until the AOC is issued, with limited effort on your end. Our network engineers will even help you reduce your costs along the way.

Why Cloud Armory?

Cloud Armory is a trusted and experienced AWS Partner with over a dozen AWS networks of 20+ instances under management, and we’ve never failed a PCI-DSS audit, whether the network was newly developed or inherited (even in the messiest of situations). We understand that your business could be entirely roadblocked by a failed audit and that your success is critical to our business, so we guarantee you’ll succeed, exploring all avenues available and necessary.

Your performance and up-time are critical to your bottom line and as a payment card information handler, your security is, too. We’ll evaluate your network architecture and security posture, review your service configurations for performance against stressors, stand up vulnerability scanning, antivirus, file integrity monitoring, and intrusion detection, strengthen your network security controls to the quality standards of PCI-DSS, and support your network on an ongoing basis for overall performance, regular patch management, incident response procedures, and routine maintenance.

Pricing

We offer 2 main methods of payment*:

  • Project Based: 2-part payment occurring at the outset of your audit and upon completion of the AOC
  • Monthly Payment Plan: The lump sum of your projected audit costs are split monthly over the course of your contract period.

*We estimate the cost of your audit based on past audit experience, but every audit varies: your security posture may be subject to greater or lesser scrutiny, and evidence may be collected automatically or manually. These all contribute to overall cost variance. We will gather that information at the outset in order to give you a clearer expectation of cost. We routinely under-bill for this service, so you can expect value.

Fill out and submit the form on this page to be contacted by one of our representatives.

Within 24 hours of submitting the request, one of our expert representatives will contact you to learn about your business and start the conversation. Learning about your business and the problems you are trying to solve will help us find the best Cloud Support solution for you.

Not convinced yet? Check out our Case Studies Page to see more of our work.