Wednesday, December 1, 2010

New SAQ C and C-VT

As I noted earlier, the PCI Council has released updated Self-Assessment Questionnaires (SAQs) as part of version 2.0. Of greatest interest to many Higher Ed merchants (and actually a whole lot of merchants!) will be the new SAQ C.

The first thing you should know is that it comes in two flavors: SAQ C and SAQ C-VT for virtual terminal users.

The second thing you should know is that my colleague Kat Valentine has produced an analysis of the two new SAQs. Rather than rehash what she has done so well, let me suggest you surf over to her 403 Labs Blog post (click here) and read her analysis. It is thorough and thoughtful.

As most of you know, SAQ C is notoriously difficult to qualify to use. Things have gotten a bit better, but it still is no cakewalk. The same goes for SAQ C-VT. However, if you do qualify it is a whole lot better than SAQ D.

Have a careful read of Kat's analysis, and take a fresh look at your own situation.

No comments:

Post a Comment