Documentation
PCI Compliance Reports: What Do SAQ, AoC, and RoC Mean?
PCI DSS Self-Assessment Questionnaire (SAQ), Attestation of Compliance (AoC), and Report on Compliance (RoC) are reports that document and prove your PCI Compliance status.
PCI SAQ
Choosing the Right PCI DSS SAQ
When you inquire, "Which SAQ is right for me?" there are 9 different SAQs that a merchant and service provider can choose from. How you process credit cards and manage cardholder data will decide which SAQ your company needs to complete.
PCI SAQ
PCI SAQ D for Service Providers and Merchants
If you are a service provider that stores credit card details, then PCI SAQ D is likely to apply to you. Service providers handling less than 300,000 card transactions can use SAQ D or submit a Compliance Report (ROC).
PCI SAQ
PCI DSS SAQ C-VT
SAQ C-VT addresses requirements for merchants that process cardholder data only through isolated virtual payment terminals on an Internet-connected personal computer.
PCI SAQ
PCI SAQ B-IP
SAQ B-IP identifies merchants who do not store card data in electronic format but use Point-of-Interaction (POI) devices connected to IP. These merchants can handle either card-present or card-not-present transactions and do not store any computer system with card data.
PCI SAQ
PCI SAQ B
SAQ B has been established to address requirements for merchants that process cardholder data through imprinting machines or standalone dial-out terminals. SAQ B merchants can either be card-present or card-not-present merchants, but on any computer system they do not store cardholder information.
PCI SAQ
PCI SAQ A-EP
PCI SAQ A-EP merchants are e-commerce merchants who partly outsource their e-commerce payment service to third parties approved by PCI DSS and do not store, process or transmit data of any cardholder on their systems or premises electronically.
Want to stay up to date with the latest news?
We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!