Security and Compliance FAQs

What is PCI compliance?

The Payment Card Industry (PCI) Data Security Standard (DSS) was established in 2006 by the major card companies (Visa, Mastercard, American Express, Discover Financial Services, and JCB International). All businesses that process, store, or transmit payment card data are required to implement the standard. The goal of PCI compliance is to protect commerce. Reaching compliance with the standard gives you a secure foundation for avoiding a devastating attack from criminals, which may result in costs associated with loss of business, forensic investigations, credit monitoring, and post-breach audits and security updates.

To learn more about PCI compliance requirements, visit the SecurityMetrics PCI Learning Center.

How do I become PCI compliant?

Anyone who accepts credit card payments must comply with PCI DSS rules. All BlueSnap merchants are required to complete a SAQ (Self-Assessment Questionnaire) to comply with PCI 3.0 regulations.

  • Merchants using our Hosted Payment Fields or our BuyNow pages only need to complete SAQ-A, which is a short and simple questionnaire.
  • Merchants using client-side encryption are required to complete a longer SAQ-A-EP questionnaire.
  • Merchants using the API are evaluated based on their specific configuration.
  • Merchants using our Virtual Terminal must complete SAQ-C-VT.

These forms need to be updated yearly.

Note: If you fill out the SAQ-D form, you are covered for all other SAQ levels.

To get started today, call SecurityMetrics at (800) 557-4797 or enroll now at www.securitymetrics.com/pcidss/bluesnap.

How do BlueSnap solutions support PCI compliance?

The SAQ level you need to complete to meet PCI compliance requirements is determined by the BlueSnap solution you select. Refer to this page for more details.
