PQ Pay PCI Compliance Guide
The primary purpose of Payment Card Industry (PCI) Data Security Standards (DSS) is to ensure the secure handling and protection of customer credit card data, reducing the risk of data breaches and fraud.
To comply with the PCI standards, our processing partner, Stax, has created the PCI Toolkit, which each PQ Pay merchant must complete to attest to their compliance. Within 2 weeks of your PQ Pay account activation, you will be welcomed to the PCI Toolkit platform.
We have created this guide to aid you in completing the steps of the toolkit, and urge you to reach out to us at hello@intakeq.com if you have any questions on this. Additionally, the PCI Support team is available for technical assistance via the toolkit Support tab, or via email to support@pcitoolkit.com.
Step 1
The first step of the toolkit is a questionnaire that determines what category of card processing you perform. Upon completion of the Step 1 questionnaire, you will be assigned an SAQ (self-assessment questionnaire) for Step 2.
It's important that you are categorized correctly in this first step to avoid being assigned to the wrong SAQ. If you have already completed this step and believe you were categorized incorrectly, you can reset the SAQ Category in two ways:
- Reach out to the PCI support team via the Support tab of the toolkit and ask them to reset the SAQ for you.
- Go back to where your SAQ Type is listed, along with Step 1 and Step 2, etc. Clicking on your SAQ type will give you the option to retake the Step 1 questionnaire to re-assign you.
Please review the categories below to determine which SAQ you should be assigned, and then follow the instructions on completing the Step 1 questionnaire for your SAQ Category. If you belong to multiple categories, choose the option that occurs most often.
Tip: If you aren't sure which category you belong to, reach out to us at hello@intakeq.com and let us know in your own words how you obtain card data and process payments. We will be happy to identify your group for you!
To get started, click "Next" under "Step 1 Information".
SAQ A
- Ecommerce
- I have a website that I sell goods or services on and/or accept payments online
- It is hosted and managed by a PCI Compliant provider
- When credit card data is collected, it is collected on a PCI DSS validated third party website.
- For questions 5 through 9, please double check your own operations but in general these should be No.
SAQ C-VT
Here is how you'll want to answer the questions in Step 1:
- MOTO
- Virtual Terminal
- I type them in using a keyboard
- We cannot answer this for you, but can advise that card data collected via PQ is stored at the payment processor exclusively. The payment system does not allow you to see full card data.
- For questions 5 through 9, please double check your own operations but in general these should be No.
SAQ B-IP
Here is how you'll want to answer the questions in Step 1:
- Face to Face
- Stand Alone Terminal
- No
- Select WiFi or Network cable (ethernet cord) accordingly, then manually enter Dejavoo and QD2.
- We cannot answer this for you, but can advise that card data collected via PQ is stored at the payment processor exclusively. The payment system does not allow you to see full card data.
- For questions 6 through 9, please double check your own operations but in general these should be No.
Step 2
Once you have completed Step 1 and have been assigned your SAQ, you will be assigned a Step 2 questionnaire.
Step 3
You will be notified of the scan results by email and through the toolkit dashboard.
Step 4
- Reach out to the PCI support team via the Support tab of the toolkit and ask them to reset the SAQ for you.
- Go back to where your SAQ Type is listed, along with Step 1 and Step 2, etc. Clicking on your SAQ type will give you the option to retake the Step 1 questionnaire to re-assign you.
Step 5
Once you submit your attestation, your SAQ Status should move to "Confirmed"!