{"_id":"5c6c238ff7d5480039535598","category":{"_id":"5c6c238ff7d548003953555e","version":"5c6c238ff7d54800395355a0","project":"57336fd5a6a9c40e00e13a0b","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-10-01T16:42:25.324Z","from_sync":false,"order":1,"slug":"payment-api-essentials","title":"API Usage"},"user":"560d5913af97231900938124","parentDoc":null,"project":"57336fd5a6a9c40e00e13a0b","version":{"_id":"5c6c238ff7d54800395355a0","project":"57336fd5a6a9c40e00e13a0b","__v":1,"forked_from":"5beb278ac442ab0213f009cf","createdAt":"2018-04-23T14:36:48.535Z","releaseDate":"2018-04-23T14:36:48.535Z","categories":["5c6c238ff7d548003953555d","5c6c238ff7d548003953555e","5c6c238ff7d548003953555f","5c6c238ff7d5480039535560","5c6c238ff7d5480039535561","5c6c238ff7d5480039535562","5beb278ac442ab0213f00990","5c6c238ff7d5480039535563","5c3f542c12c4ac004bc51718","5c928dba4aa821001ae4f050"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"Main","version_clean":"8976.0.0-Basics","version":"8976-Basics"},"githubsync":"","__v":0,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-10-15T13:55:52.128Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":3,"body":"All merchants are required to comply with the Payment Card Industry (PCI) Data Security Standard (DSS). This worldwide information security standard is designed to help prevent credit card fraud by providing guidelines and controls around card data management. \n\nYou will need to submit your SAQ forms to confirm your adherence with PCI security standards. BlueSnap has partnered with [SecurityMetrics](https://www.securitymetrics.com/) to assist merchants in completing the correct SAQ.\n\nYour API implementation determines the SAQ compliance level you must follow, as shown below:\n\n* Hosted Payment Fields:  SAQ A\n* Client-Side Encryption: SAQ A-EP\n* Virtual Terminal: SAQ C-VT\n* Unencrypted Data: SAQ D\n<br />\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"SAQ Coverage\",\n  \"body\": \"If you're certified for SAQ D, you are automatically covered for all other SAQ levels. \\nIf you're *not *certified for SAQ D, you must submit separate SAQ forms for each BlueSnap solution you want to use.\"\n}\n[/block]","excerpt":"","slug":"pci-compliance","type":"basic","title":"PCI Compliance"}

All merchants are required to comply with the Payment Card Industry (PCI) Data Security Standard (DSS). This worldwide information security standard is designed to help prevent credit card fraud by providing guidelines and controls around card data management.

You will need to submit your SAQ forms to confirm your adherence with PCI security standards. BlueSnap has partnered with SecurityMetrics to assist merchants in completing the correct SAQ.

Your API implementation determines the SAQ compliance level you must follow, as shown below:

  • Hosted Payment Fields: SAQ A
  • Client-Side Encryption: SAQ A-EP
  • Virtual Terminal: SAQ C-VT
  • Unencrypted Data: SAQ D

SAQ Coverage

If you're certified for SAQ D, you are automatically covered for all other SAQ levels.
If you're not certified for SAQ D, you must submit separate SAQ forms for each BlueSnap solution you want to use.