Skip to main content

Payment Card Policies

Payment Card Policies
Merchant Policies Templates (VERSION 3.2.1)

ALL merchants must select the correct template, update the template, save, and include with their merchant manual.

Merchant Specific Policies & Procedures Template Description Operational Policies & Procedures Template Description
Category 1 All credit card processing is outsourced (SAQ A). Category 1 All credit card processing is outsourced (SAQ A).
Category 2 Merchant only processes payments using a dial up (copper phone line or cellular) terminal (SAQ B). Category 2 Merchant only processes payments using a dial up (copper phone line or cellular) terminal (SAQ B).
Category 2 and 1 Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website (SAQ A & SAQ B). Category 2 and 1 Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website (SAQ A & SAQ B).
Category 4 Merchant only processes payments using a web-based (virtual terminal, and does not store cardholder data electronically (SAQ C-VT). Category 4 Merchant only processes payments using a web-based (virtual terminal, and does not store cardholder data electronically (SAQ C-VT).
Category 4 and 1 Merchant only processes payments by outsourced e-commerce website and also by virtual terminal (SAQ A and SAQ C-VT). Category 4 and 1

Merchant only processes payments by outsourced e-commerce website and also by virtual terminal (SAQ A and SAQ C-VT)

Category 4, 2, and 1 Merchant Business Unit processes payments by dial up or cellular terminal, accepts payments by outsourced e-commerce website, and also by virtual terminal (SAQ A, SAQ B, & SAQ C-VT). Category 4, 2, and 1 Merchant Business Unit processes payments by dial up or cellular terminal, accepts payments by outsourced e-commerce website, and also by virtual terminal (SAQ A, SAQ B, & SAQ C-VT).
Category P2PE Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was audited by our QSA and scope reduction was granted by our acquiring bank (SAQ P2PE-HW). Category P2PE Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was audited by our QSA and scope reduction was granted by our acquiring bank (SAQ P2PE-HW).
Category P2PE and 1 Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by outsourced e-commerce website (SAQ A & SAQ P2PE-HW). Category P2PE and 1 Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by outsourced e-commerce website (SAQ A & SAQ P2PE-HW).
Category P2PE, 2, and 1 Merchant Business Unit processes payments using validated P2PE solution, by dial up or cellular terminal, and also by outsourced e-commerce website (SAQ A, SAQ B, & SAQ P2PE-HW). Category P2PE, 2, and 1 Merchant Business Unit processes payments using validated P2PE solution, by dial up or cellular terminal, and also by outsourced e-commerce website (SAQ A, SAQ B, & SAQ P2PE-HW).
 
Supplemental Forms

Diagram Guidance

General Merchant Policies

IT / Advanced Security Policies

Reviewed 2023-05-16