PCI Scope

The card associations (Visa/MasterCard/American Express/Discover) require each merchant to be PCI compliant. They also require PCI compliance for each vendor.

  • Vendors that host data, like SLIM CD, are required to perform PCI-DSS validations.
  • Vendors that write commercial software for resale must be validated with PA-DSS.

Vendors

Click here to search the PCI Security Standards website for the most current documentation on PA-DSS validation requirements.

Merchants

There are five different Self-Assessment Questionnaires (SAQs).
Each is designed to address a specific merchant situation.

  • SAQ A: Designed for those who outsource the touching of cardholder data to a third party
  • SAQ B: Designed for those who use hardware terminals (dial-up, etc.)
  • SAQ C: Designed for those who use PA-DSS validated software point-of-sale systems
  • SAQ C-VT: Designed for those who use virtual terminals (web-based data entry for employees)
  • SAQ D: All others, or merchants that process higher volumes of transactions.

The easiest forms to complete for merchants that have integrated software systems are SAQ A and C-VT.  SAQ C is next, with SAQ D the most complicated.

Click here to search the PCI Security Standards website for the most current SAQ downloads.

PCI Scope Reduction for all

We encourage merchants and developers to select the most appropriate SAQ to minimize their PCI efforts and reduce the scope of their PCI exposure.

There are a few ways for you to accomplish this:

  1. Select SLIM CD solutions that allow the merchant to use SAQ A. This would include the SLIM CD Shopping Cart, Hosted Payment Pages, and/or implementing a wallet solution for consumers using SLIM CD’s tokenization.
  2. Launch SLIM CD apps instead of touching the card numbers with your own products to eliminate PA-DSS for developers and qualify for SAQ C-VT for merchants. Our desktop software and mobile apps can be used to capture the payment transactions for you.
  3. Use encryption and tokenization to minimize the number of systems which touch cardholder data. SLIM CD’s APIs and Libraries provide tokenized data for every transaction. This can be combined with option 1 above for further reductions.
  4. Never store card numbers. Since SLIM CD automatically closes batches, there is no need to store card numbers. Use SLIM CD’s API to perform credits/voids, bill repeat customers, or implement recurring billing.

PCI Summary

SLIM CD’s solutions can reduce your PCI exposure by limiting or eliminating systems from touching cardholder data. All of this is accomplished without sacrificing payment acceptance capabilities. Our systems have minimal impact on the end-user experience, while adding the functionality of SLIM CD’s reporting and use of the entire SLIM CD suite of PC, WEB and MOBILE products.

SLIM CD Hosted Data Storage

All transactions are stored on SLIM CD’s PCI-Validated servers. Batches are closed automatically and receipt data can be retrieved on demand. Developer applications and networks no longer need to store cardholder data.

SLIM CD Tokenization

SLIM CD provides a distinct value for all transactions. This value can be used to process refunds or voids. Future payments can be initiated using this value without providing a card number or other customer information. SLIM CD supports repeat customer and recurring billing using tokens.

Hardware Encryption

Hardware encryption starts at the swipe, sending encrypted data to the developer’s applications. This eliminates clear text cardholder data from the merchant’s network when transactions are swiped.