Man, I’m falling into the EMC culture nicely. It’s an acronym laden Friday (INSANE IN THE MEMBRANE)!

Put Them Together, by garryknight

Last night I received an email from the PCI SSC PR team about the new Self-Assessment Questionnaires. You can get them here. While they were not released on the same day as the 2.0 version of PCI DSS, they were quickly ushered out the door. Kudos to the Council for getting these done in a timely manner! I know I’ve had NUMEROUS questions from the 7+million merchant community that deals with SAQs over the last three weeks on the pending release of these.

One of the biggest adjustments to the SAQ process is the recognition (or segmentation maybe) of the virtual terminal. If you are using a web-based virtual terminal, you should now use SAQ C-VT. After reviewing this SAQ, I would HIGHLY recommend merchants to take a look at this method of processing cards as the impact that PCI DSS would have on your environment now is quite minimal (provided your environment strictly conforms to the definition).

Take a look at the new SAQ options. It may be time to re-evaluate how you process payments, and I have a group of professionals that can assist!

This post originally appeared on