|
|
|
|
|
|
by jmcarlin
5102 days ago
|
|
|
Spreedly Core isn't for handling specific requirements per se, but changing the entire scope of compliance. Basically, if you're only only doing card-not-present transactions and you never store, process or transmit cardholder data, you qualify for SAQ A. The full eligibility requirements for SAQ A consists of the following: * Your company handles only card-not-present (e-commerce or mail/telephone-order) transactions;
* Your company does not store, process, or transmit any cardholder data on your systems or premises, but relies entirely on third party service provider(s) to handle all these functions;
* Your company has confirmed that the third party(s) handling storage, processing, and/or transmission of cardholder data is PCI DSS compliant;
* Your company retains only paper reports or receipts with cardholder data, and these documents are not received electronically; and
* Your company does not store any cardholder data in electronic format.
|
|
|