API FONDY Version 1.0

PCI DSS SAQ A, A-EP, D compliance

There are three Self-Assessment Questionnaire (SAQ) types within the new PCI DSS 3.0 standard available for ecommerce websites. They are titled A, A-EP (electronic processing), and D.

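| Merchant level | No. of transactions annually | Redirect | Iframe | Direct POST | JavaScript | XML | Other |
|---|---|---|---|---|---|---|---|
| 1 | Over 6 million | RoCA | RoCA | RoCA-EP | RoCA-EP | RoC | RoC |
| 2 | 1 – 6 million | SAQ A | SAQ A | SAQ A-EP | SAQ A-EP | SAQ D | SAQ D |
| 3 | 20 000 – 1 million | SAQ A | SAQ A | SAQ A-EP | SAQ A-EP | SAQ D | SAQ D |
| 4 | Under 20 000 | SAQ A | SAQ A | SAQ A-EP | SAQ A-EP | SAQ D | SAQ D |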

RoCA – Partial Report on Compliance validating the scope, eligibility, and requirements listed in SAQ A

RoCA-EP – Partial Report on Compliance validating the scope, eligibility, and requirements listed in SAQ A-EP

To identify which type is required, the merchant should analyze several factors.

SAQ A

If your website uses an iFrame or Hosted Page implementation, you will be responsible for complying with SAQ A. In this case, the user is taken to a payment page that is hosted by the service provider. This can be done by introducing a redirect, where the user is taken to another page (i.e., hosted page), or can happen on the same page in the form of an iFrame.

You can find a description of the hosted page and iFrame implementation schemes in our API documentation:

  1. Interaction scheme A (with customer redirection to payment page)
  2. Interaction scheme B (with host-to-host request to obtain payment page URL)

SAQ A-EP

If the merchant's website hosts the credit card form, the merchant is required to comply with SAQ A-EP. This SAQ applies if the merchant uses a Direct POST or JavaScript card form implementation. In either case, you are capturing the information via your own form, using actions and methods to push to an API. Solutions like client-side encryption or tokenization can help merchants comply with SAQ A-EP.

N.B.! Neither SAQ A nor SAQ A-EP allows the merchant to store or transmit credit card data through its own servers and network.

You can find a description of how to use tokenization technology in our documentation here.

 

 
