Part of establishing PCI compliance and maintaining it year in and year out is filling out an annual PCI self-assessment questionnaire (SAQ). These questionnaires are designed to accomplish two goals: to help businesses identify weaknesses that need to be dealt with and to help prove to institutions that a company is compliant. But not all companies handle credit cards in the same way, so PCI has put together nine different versions of the SAQ. The difference in length and complexity between the shortest and longest versions is extreme – 22 questions versus 329. As a result, it’s important that companies select the proper SAQ for self-assessments because choosing poorly could result in under-analysis, or alternately, a lot of unnecessary work. Below is a quick review of each SAQ version to help with proper selection.
Whenever a user dispute a credit card charge they find in their credit card history, one of the provider’s first steps is to demand that the retailer returns the value of the charge – this means chargebacks. They protect consumers from fraudulent charges, but they can also be extremely costly to the merchant.