Security and Compliance FAQs

What is PCI compliance?

The Payment Card Industry (PCI) Data Security Standard (DSS) was established in 2006 by the major card companies (Visa, Mastercard, American Express, Discover Financial Services, JCB International). All businesses that process, store, or transmit payment card data are required to implement the standard. The goal of PCI compliance is to protect commerce. Reaching compliance with the standard gives you a secure foundation that helps you avoid a devastating attack by criminals, one that may bring costs from loss of business, forensic investigations, credit monitoring, and post-breach audits and security updates.

To learn more about PCI compliance requirements, visit the SecurityMetrics PCI Learning Center.

How do I become PCI compliant?

Anyone who accepts credit card payments must comply with PCI DSS rules. All BlueSnap merchants are required to complete a SAQ (Self-Assessment Questionnaire) to comply with PCI 3.0 regulations.

  • Merchants using our Hosted Payment Fields or our BuyNow pages only need to complete SAQ-A, which is a short and simple questionnaire.
  • Merchants using client-side encryption are required to complete a longer SAQ-A-EP questionnaire.
  • Merchants using the API are evaluated based on their specific configuration.
  • Merchants using our Virtual Terminal must complete SAQ-C-VT.

These forms need to be updated yearly.

Note: If you fill out the SAQ-D form, you are covered for all other SAQ levels.

To get started today, call SecurityMetrics at (800) 557-4797 or enroll now at

How do BlueSnap solutions support PCI compliance?

The SAQ level you need to complete to meet PCI compliance requirements is determined by the BlueSnap solution you select. Refer to this page for more details.

My business is HIPAA compliant – can I use BlueSnap for payment processing?

BlueSnap processes payment transactions through multiple methods, such as credit card, direct debit, or bank transfer. The Department of Health and Human Services has concluded that payment processing activities are considered an exception to the business associate standard under the HIPAA Privacy Rule. Therefore, when providing payment processing activities, BlueSnap is exempt from HIPAA compliance requirements as a business associate.
