Q: I’m a small merchant who has limited payment card transaction volume. Do I need to be compliant with PCI DSS?
A: All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. PCI SSC is responsible for managing the security standards while each individual payment brand is responsible for managing and enforcing compliance to these standards.

Q: What are the deadlines for complying with PCI DSS?
A: Compliance is mandated by the payment card brands and not by the PCI Security Standards Council. However, for most merchants, the deadlines for validating compliance with the PCI DSS have already passed. You should check with your acquirer and/or merchant bank to check if any specific deadlines apply to you, based on merchant transaction volume (level) as determined by the card payment brands. All entities that transmit, process or store payment card data must be compliant with PCI DSS.

Q: Why is there a fee associated with this?
A: The amount of work that is involved and the cost associated with verifying the SAQ allows the processor to charge a small fee. Many processors are charging up to $150.00 annually.

Q: How do I Log in and complete my SAQ online? Use "Option 1" to the right. Follow the link for detailed intructions if you need assistance.

Q: How do I submit the SAQ form manually? Under "Option 2" to the right, select the appropriate SAQ form asnd download the pdf. Once filled out, fax or mail your form to indyhost.net (contact info). If you need the form mailed or faxed to you, contact our office for further assistance.