Document Comparison

AOC-SAQ_P2PE-v3_2_1-r1_1.pdf → AOC-SAQ_P2PE-v3_2_1-r2.pdf

93% similar

8 → 9 Pages

1650 → 1685 Words

11 Content Changes

Content Changes

11 content changes. 7 administrative changes (dates, page numbers) hidden.

Modified p. 2 → 3

Mail order/telephone order (MOTO) E-Commerce Card-present (face-to-face) Which payment channels are covered by this SAQ? Mail order/telephone order (MOTO) Card-present (face-to-face)

Mail order/telephone order (MOTO) E-Commerce Card-present (face-to-face) Which payment channels are covered by this SAQ? Mail order/telephone order (MOTO) E-Commerce Card-present (face-to-face)

Removed p. 3

P2PE Solution “Reassessment Date”:

Modified p. 3 → 4

Type of facility Number of facilities of this type Location(s) of facility (city, country) Example: Retail outlets 3 Boston, MA, USA Part 2d. P2PE Solution Provide the following information ~~from the PCI SSC listing~~ regarding the validated ~~PCI-listed~~ P2PE solution your organization uses:

Type of facility Number of facilities of this type Location(s) of facility (city, country) Example: Retail outlets 3 Boston, MA, USA Part 2d. P2PE Solution Provide the following information regarding the validated PCI P2PE solution your organization uses:

Modified p. 3 → 4

PCI SSC ~~listing “Reference #”~~ Listed POI Devices used by Merchant ~~(found under “PTS POI Devices Supported):~~

PCI SSC Reference Number Listed P2PE POI Devices used by Merchant (PTS Device Dependencies):

Modified p. 4 → 5

Note: Requirement 12.8 applies to all entities in this ~~list.~~

Note: Requirement 12.8 applies to all entities listed in response to this question.

Modified p. 4 → 5

Part 2g. Eligibility to Complete SAQ P2PE Merchant certifies eligibility to complete this version of the Self-Assessment Questionnaire because, for this payment channel:

Part 2g. Eligibility to Complete SAQ P2PE Merchant certifies eligibility to complete this shortened version of the Self-Assessment Questionnaire because, for this payment channel:

Modified p. 4 → 5

All payment processing is via the validated ~~PCI-listed~~ P2PE solution (per above).

All payment processing is via the validated PCI P2PE solution approved and listed by the PCI SSC (per above).

Modified p. 4 → 5

The only systems in the merchant environment that store, process or transmit account data are the ~~payment terminals~~ that are ~~part of~~ the validated PCI-listed P2PE solution.

The only systems in the merchant environment that store, process or transmit account data are the Point of Interaction (POI) devices that are approved for use with the validated and PCI-listed P2PE solution.

Modified p. 4 → 5

Merchant verifies there is no legacy storage of electronic cardholder ~~data.~~

Merchant verifies there is no legacy storage of electronic cardholder data in the environment.

Modified p. 4 → 5

~~Any~~ such ~~cardholder~~ data ~~the Merchant might retain~~ is only ~~on paper (for example,~~ paper reports or copies of paper ~~receipts)~~ and is not received electronically, and Merchant has implemented all controls in the P2PE Instruction Manual (PIM) provided by the P2PE Solution Provider.

If Merchant does store cardholder data, such data is only in paper reports or copies of paper receipts and is not received electronically, and Merchant has implemented all controls in the P2PE Instruction Manual (PIM) provided by the P2PE Solution Provider.

Modified p. 7 → 8

No evidence of, full track data1, CAV2, CVC2, ~~CID,~~ or CVV2 data2, or PIN data3) was found on ANY system reviewed during this assessment.

No evidence of, full track data1, CAV2, CVC2, CVN2, CVV, or CVV2 data2, or PIN data3) was found on ANY system reviewed during this assessment.