Vantage has partnered with ControlScan, an Approved Scanning Vendor (ASV) by the PCI Council and leading provider of security solutions, to provide personalized support to help simplify the PCI compliance process and to help our clients better understand the security requirements. The ControlScan system wizard will help you complete the Self Assessment Questionnaire (SAQ) and provides a help desk where representatives can address any questions you may have about the PCI complaince process.
Avoid PCI Non-Compliant penalties. Following these steps:
It is important to select the right SAQ that best applies to your organization. If you are unsure, please contact us first to discuss before you start the process.
- Swipe Terminal connected to a traditional phone line – SAQ B
- Swipe Terminal connected via the internet – SAQ C (requires scanning)
- Swipe Terminal connected via cellular wireless – SAQ B
- Virtual Terminal-Manual Entry: the merchant is manually typing in the card info – SAQ C-VT
- Virtual Terminal-Swipe Device: the merchant uses a swipe device to enter the card info – SAQ C (requires scanning)
- Virtual Terminal-Encrypted Swipe Device: using a swipe device that immediately encrypts the card data before entering it into the virtual terminal – SAQ C-VT
- POS System Processing - SAQ C (requires scanning)
Note: If your payment process uses a hosted checkout page, then select Shopping Cart as the processing method and then select Outsourced. This selection will direct you to complete SAQ A since you are not electronically capturing and transmitting card information.
- Outsourced – SAQ A
- Non-Outsourced – SAQ C (requires scanning)
- Phone / Paper processing - SAQ B
- Smartphone/Tablet connected via WiFi – SAQ C (requires scanning)
- Smartphone/Tablet connected via cellular wireless – SAQ B
Important Note on SAQ D
If you are storing card information electronically on your internal systems, you are required to complete the most complex SAQ D (requires scanning) no matter what processing method was selected above. Therefore if you are storing card data, you should contact us right away to discuss payment solutions that meet your needs while eliminating both the risk and compliance headaches that doing so creates.
Once you have completed your PCI Self Assessment Questionnaire (SAQ) you may find that your business requires vulnerability scanning. The scan is non-intrusive and does not invade your network while running.
If you need personal assistance, call ControlScan at 800-370-9180 or contact Vantage client services at 800-397-2380.
Merchants may choose to complete an SAQ on their own and can work with any PCI vendor they choose should a system scan be required. Vantage provides the ControlScan service to help our clients meet PCI compliance at a reasonable price. Merchants can opt out of using the ControlScan service, by providing a copy of their PCI Validation certificate with an alternative vendor.
Every merchant is different, some are a greater risk than others. For example, only those merchants conducting payment processing over the internet (verses dial up connections) require a system scan. As a market leader in PCI compliance, ControlScan will help your business achieve and maintain PCI compliance with the SAQ and vulnerability system scanning (Scan), both designed to uncover security gaps and provide best practices to prevent data compromise. Additional tools include a Security Policy Builder and an Internal Security Awareness training program.
Please remember, there is a difference between security and compliance. While PCI compliance is a mandated point-in-time measurement of your security readiness, the underlying security requirements must be adhered to on a daily basis. In the event of a data compromise, merchants face significant fees and fines. The PCI DSS Validation does not affect your responsibilities associated with your merchant account in the event of a data compromise.