PCI Security Standards Council Bulletin: SAQ Instructions and Guidelines and SAQ SPoC Published for PCI DSS v4.0

2023-09-21T18:52:05+00:00 PDF

P
CI Security Standards Council Bulletin: SAQ Instructions and Guidelines and
SAQ SPoC Published for PCI DSS v4.0
21
September 2023
P
CI SSC has published the following documents for PCI DSS v4.0:
• Self-Assessment Questionnaire (SAQ) Instructions and Guidelines.
• SAQ for Software-based PIN Entry on COTS (SAQ SPoC).
T
he updated SAQ Instructions and Guidelines provides information about all PCI DSS v4.0 SAQs,
including the new SAQ SPoC. Along with detailed information about each SAQ, this document includes
guidance on the intent of the SAQs, eligibility criteria for the SAQs, and how to complete an SAQ. The
updates for PCI DSS v4.0 also include comparisons of different merchant environments, including e-
commerce methods and merchant eligibility criteria for SAQs A and A-EP, to help merchant organizations
identify the right SAQ for their environment.
T
he new SAQ SPoC supports merchants using a commercial off-the-shelf (COTS) mobile device, such as
a phone or tablet, with a secure card reader as part of a PCI SSC-listed SPoC Solution. These merchants
process card-present transactions and have no access to clear-text account data on any computer
system. This new SAQ is not applicable to unattended card-present, mail-order/telephone order (MOTO),
or ecommerce channels. This SAQ is also not applicable to service providers.
The S
AQ Instructions and Guidelines for PCI DSS v4.0 and the PCI DSS v4.0 SAQ SPoC can be found
in the PCI SSC Document Library.
###