As a registered Payment Facilitator, your responsibilities for maintaining ongoing compliance with PCI DSS are not limited to your own Service Provider validation. The acquirer and payment processor will enforce the Payment Facilitator’s requirement to annually validate the PCI compliance of its Merchants. In contrast to the PCI Service Provider validation, Merchants may simply validate PCI compliance by completing the respective Self-Assessment Questionnaire (SAQ), per the guidance below, and submitting the completed document to the Payment Facilitator for review.
Note: It is the Payment Facilitator's responsibility to document receipt and review of its Merchants’ completed PCI SAQ documents on an annual basis. These documents will be requested by the payment card brands during their annual audits of the PayFac’s acquiring bank and/or third-party payment processor. Merchants accepting E-commerce transactions should determine the appropriate SAQ document to complete based on the flow of cardholder data (CHD).
Comments
1 comment
Hi, really interesting, what happens when the Payment Facilitator you are using doesn't want an SAQ submitted and isn't really interested in providing much guidance...? These are not small players.