PCI Compliance and SAQ level for BlueSnap solutions

Note

On March 31, 2025, the new PCI 4.0 requirements become effective. Requirements 6.4.3 and 11.6.1 require merchants to authorize and scan every script that runs on their checkout pages.

If you are currently using one of these solutions, then no further action is necessary:

  • BlueSnap Checkout with Hosted Pages (SAQ A)
  • BlueSnap Checkout with Payment Link (SAQ A)
  • BlueSnap Checkout with Virtual Terminal (SAQ C-VT)
  • BlueSnap Payment API with Hosted Fields (SAQ A)
  • BlueSnap Payment API with Client Side Encryption (SAQ A-EP)

BlueSnap ensures there are no malicious scripts running on these payment pages, or we implement a tamper-detection mechanism.

All SAQ-D merchants (clear card data users) need additional scans and monitoring to stay compliant. If you would like to know more about how BlueSnap can help you stay compliant, reach out to your account manager or our merchant support team.

Based on the BlueSnap solution you select, the table below identifies the SAQ you need to complete to meet PCI compliance requirements.

| BlueSnap Solution | Description | SAQ Level |
|---|---|---|
| BlueSnap Checkout | This payment page offers simple SAQ A PCI compliance because all sensitive payment data is captured directly in the BlueSnap environment. | SAQ A |
| API Solutions implemented with Hosted Payment Fields | Used in conjunction with our APIs, offering the simple SAQ A PCI compliance because all sensitive payment data is captured directly in the BlueSnap environment. | SAQ A |
| API Solutions implemented with Secured Payment Collector | Used in conjunction with our APIs, the data captured on your server is encrypted. Because the sensitive payment data is captured within your server, the PCI compliance is SAQ A‑EP. | SAQ A‑EP |
| API Solutions implemented with Clear Card Data | Used in conjunction with our APIs, the data captured on your server is unencrypted. Because the sensitive payment data is captured within your server and the data is not protected by any PCI compliance reduction tools, the PCI compliance is SAQ D. | SAQ D |
| Virtual Terminal | Virtual Terminal is a web-based application that lets you process payments received by phone, fax, and email. With Virtual Terminal, you also have access to Payment Link, which lets you generate a unique, secure link to send to your shopper. The shopper enters their payment details in the secure page. | SAQ C‑VT |