PCI security standards apply to Hosting Providers and Merchants that accept payments
SAQ Levels
The PCI security standards have created three levels of security and compliance for merchants that use eCommerce applications (card not present). These three levels correspond to the following self-assessment questionnaires (SAQ):
- SAQ A
  Integration Difficulty Level: LOW
  Compliance Difficulty Level: LOW
  Use InstaMed’s Recommended PCI Compliant Options
- SAQ D
  Integration Difficulty Level: HIGH
  Compliance Difficulty Level: HIGH
  Build your own user interface and use web services without Client Side Encryption to leverage InstaMed’s payment solutions.
SAQ A Requirements
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
SAQ D Requirements
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Protect all systems against malware and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel