Sage Payments and PCI Compliance SAQ Types
By Brian Seidel, President/CEO of Website Pipeline, Inc.
Let me start with this general disclaimer: I am not qualified to give professional advice on PCI-compliance… this is just my personal interpretation based on Website Pipeline going through the process of becoming a PCI DSS compliant service provider.
- Any merchant transacting credit cards has to be PCI DSS compliant – this is not a law, it is part of your contract terms with the CC companies (MasterCard and Visa).
- A company or software package cannot make you, as a merchant, PCI compliant
- You have to do deliberate work to be PCI compliant (initially and on an ongoing basis)
- The likelihood of a merchant that takes credit cards being "PCI compliant" without making a deliberate, focused effort is as likely as someone who travels on airplanes a lot…passing a pilot’s license exam
- There is no such thing as software that will make you PCI compliant
- There is only software that is written and managed in a way that allows the merchant to be PCI compliant (if they do OTHER work) while using it
- By contrast… if software that processes or stores credit cards is NOT "PCI approved" or "PCI compliant", it prevents you - as a merchant - from being PCI compliant no matter what else you do.