PCI Compliance and SAQ level for BlueSnap solutions

Based on the BlueSnap solution you select, the table below identifies the SAQ you need to complete to meet PCI compliance requirements.

BlueSnap Solution

SAQ Level

BuyNow Hosted Payment Page SAQ A

This out‑of‑the‑box payment page offers simple SAQ A PCI compliance because all sensitive payment data is captured directly in the BlueSnap environment.

API Solutions implemented with Hosted Payment Fields SAQ A

Used in conjunction with our APIs, offering the simple SAQ A PCI compliance because all sensitive payment data is captured directly in the BlueSnap environment.

API Solutions implemented with Client-Side Encryption SAQ A‑EP

Used in conjunction with our APIs, the data captured on your server is encrypted. Because the sensitive payment data is captured within your server, the PCI compliance is SAQ A‑EP.

API Solutions implemented with clear card data SAQ D

Used in conjunction with our APIs, the data captured on your server is unencrypted. Because the sensitive payment data is captured within your server and the data is not protected by any PCI compliance reduction tools, the PCI compliance is SAQ D.

Virtual Terminal SAQ C‑VT

Virtual Terminal is a web-based application that lets you process payments received by phone, fax, and email. With Virtual Terminal, you also have access to Payment Link, which lets you generate a unique, secure link to send to your shopper. The shopper enters their payment details in the secure page.

PCI Compliance and SAQ level for BlueSnap solutions


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.