The PCI DSS SAQ – Is it Costing You?
If you are a merchant who processes credit or debit cards, you should know – PCI DSS compliance and verification, including the SAQ (Self-Assessment Questionnaire), is an annual requirement. Merchants who forget to reverify will typically pay their payment processor monthly non-compliance fees – IN ADDITION to their standard monthly PCI DSS fee. As we review statements here at XBS Global, we are seeing monthly non-compliance fees that range anywhere from $10 to $50. I suspect there are merchants paying more.
The Payment Card Industry (PCI) Self-Assessment Questionnaire (SAQ) has caused a lot of angst for merchants attempting to keep up with PCI DSS (Payment Card Industry Data Security Standard). The standards are proving to be a moving target and the SAQ an exercise in frustration. For the most recent information and updates, merchants should definitely turn to the PCI Security Standards Council.
Card data security will not be going away. Card data refers to any personally identifiable data associated with the cardholder, such as account numbers, social security numbers, even names, addresses, expiration dates, etc. The Sony breach in April 2011 was staggering and sobering, as was the May 2011 breach at Michaels stores nationwide (under investigation by the US Secret Service!).
For the vast number of merchants who feel they are being squeezed by credit card processing fees – here is one you can eliminate. If you need assistance with the SAQ, call your payment processor, but for Pete’s sake – complete it EVERY YEAR.