{"_id":"59dfa8f55c0bae001c2e8b1f","category":{"_id":"59dfa8f45c0bae001c2e8aea","version":"59dfa8f45c0bae001c2e8ae8","project":"57336fd5a6a9c40e00e13a0b","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-10-01T16:42:25.324Z","from_sync":false,"order":1,"slug":"payment-api-essentials","title":"API Usage"},"user":"560d5913af97231900938124","parentDoc":null,"project":"57336fd5a6a9c40e00e13a0b","version":{"_id":"59dfa8f45c0bae001c2e8ae8","project":"57336fd5a6a9c40e00e13a0b","__v":1,"createdAt":"2017-10-12T17:40:04.535Z","releaseDate":"2017-10-12T17:40:04.535Z","categories":["59dfa8f45c0bae001c2e8ae9","59dfa8f45c0bae001c2e8aea","59dfa8f45c0bae001c2e8aeb","59dfa8f45c0bae001c2e8aec","59dfa8f45c0bae001c2e8aed","59dfa8f45c0bae001c2e8aee","59dfa8f45c0bae001c2e8aef","59dfa8f45c0bae001c2e8af0"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"3.23. Release","version_clean":"8976.0.0-Basics","version":"8976-Basics"},"__v":0,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-10-15T13:55:52.128Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":4,"body":"All merchants are required to comply with the Payment Card Industry (PCI) Data Security Standard (DSS). This worldwide information security standard is designed to help prevent credit card fraud by providing guidelines and controls around card data management. \n\nYou will need to submit your SAQ forms to confirm your adherence with PCI security standards. BlueSnap has partnered with [SecurityMetrics](https://www.securitymetrics.com/) to assist merchants in completing the correct SAQ.\n\nYour API implementation (i.e. [Hosted Payment Fields](/v4.0/docs/hosted-payment-fields), [Client-Side Encryption](doc:client-side-encryption), or plain unencrypted data) determines what SAQ level of compliance you will be required to follow, as shown below:\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"SAQ Level\",\n    \"h-1\": \"Hosted Payment Fields\",\n    \"h-2\": \"Client-Side Encryption\",\n    \"h-3\": \"Unencrypted Data\",\n    \"0-0\": \"**SAQ A**\",\n    \"3-0\": \"**SAQ D**\",\n    \"1-0\": \"**SAQ A-EP**\",\n    \"0-1\": \":white-check-mark:\",\n    \"1-1\": \"\",\n    \"1-2\": \":white-check-mark:\",\n    \"3-1\": \"\",\n    \"3-2\": \"\",\n    \"3-3\": \":white-check-mark:\",\n    \"h-4\": \"Virtual Terminal\",\n    \"2-0\": \"**SAQ C-VT**\",\n    \"2-4\": \":white-check-mark:\"\n  },\n  \"cols\": 5,\n  \"rows\": 4\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"SAQ Coverage\",\n  \"body\": \"If you're certified for SAQ D, you are automatically covered for all other SAQ levels. \\n\\nHowever, if you're not certified for SAQ D, you will need to submit separate SAQ forms for each BlueSnap solution you wish to use.\"\n}\n[/block]","excerpt":"","slug":"pci-compliance","type":"basic","title":"PCI Compliance"}

All merchants are required to comply with the Payment Card Industry (PCI) Data Security Standard (DSS). This worldwide information security standard is designed to help prevent credit card fraud by providing guidelines and controls around card data management.

You will need to submit your SAQ forms to confirm your adherence with PCI security standards. BlueSnap has partnered with SecurityMetrics to assist merchants in completing the correct SAQ.

Your API implementation (i.e. Hosted Payment Fields, Client-Side Encryption, or plain unencrypted data) determines what SAQ level of compliance you will be required to follow, as shown below:

SAQ Level
Hosted Payment Fields
Client-Side Encryption
Unencrypted Data
Virtual Terminal

SAQ A

:white-check-mark+:

SAQ A-EP

:white-check-mark+:

SAQ C-VT

:white-check-mark+:

SAQ D

:white-check-mark+:

SAQ Coverage

If you're certified for SAQ D, you are automatically covered for all other SAQ levels.

However, if you're not certified for SAQ D, you will need to submit separate SAQ forms for each BlueSnap solution you wish to use.