Sage Payments and PCI Compliance SAQ Types

By Brian Seidel, President/CEO of Website Pipeline, Inc.

Let me start with this general disclaimer: I am not qualified to give professional advice on PCI-compliance… this is just my personal interpretation based on Website Pipeline going through the process of becoming a PCI DSS compliant service provider.

Background

  • Any merchant transacting credit cards has to be PCI DSS compliant – this is not a law, it is part of your contract terms with the CC companies (MasterCard and Visa).
  • A company or software package cannot make you, as a merchant, PCI compliant.
  • You have to do deliberate work to be PCI compliant (initially and on an ongoing basis).
  • A merchant that takes credit cards is about as likely to be "PCI compliant" without making a deliberate, focused effort as someone who travels on airplanes a lot is to pass a pilot’s license exam.
  • There is no such thing as software that will make you PCI compliant.
  • There is only software that is written and managed in a way that allows the merchant to be PCI compliant (if they do OTHER work) while using it.
  • By contrast… if software that processes or stores credit cards is NOT "PCI approved" or "PCI compliant", it prevents you - as a merchant - from being PCI compliant no matter what else you do.