
Payment Card Policies

Merchant Policies Templates (VERSION 3.2.1)

ALL merchants must select the correct template, update it, save it, and include it with their merchant manual.

Each category below has a Merchant Specific Policies & Procedures Template and an Operational Policies & Procedures Template.

| Category | Description |
|---|---|
| Category 1 | All credit card processing is outsourced (SAQ A). |
| Category 2 | Merchant only processes payments using a dial up (copper phone line or cellular) terminal (SAQ B). |
| Category 2 and 1 | Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website (SAQ A & SAQ B). |
| Category 3 | Merchant only processes payments using an IP terminal (SAQ B-IP). |
| Category 3 and 1 | Merchant Business Unit processes payments by IP terminal and accepts payments by outsourced e-commerce website (SAQ A & SAQ B-IP). |
| Category 4 | Merchant only processes payments using a web-based virtual terminal, and does not store cardholder data electronically (SAQ C-VT). |
| Category 4 and 1 | Merchant only processes payments by outsourced e-commerce website and also by virtual terminal (SAQ A and SAQ C-VT). |
| Category 4, 2, and 1 | Merchant Business Unit processes payments by dial up or cellular terminal, accepts payments by outsourced e-commerce website, and also by virtual terminal (SAQ A, SAQ B, & SAQ C-VT). |
| Category 5 | Merchant only processes payments with payment application systems connected to the internet and NO electronic cardholder data storage (SAQ C). |
| Category 5 and 1 | Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage) and also with outsourced e-commerce website (SAQ A & SAQ C). |
| Category 5 and 2 | Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage) and also with dial up or cellular terminals (SAQ B & SAQ C). |
| Category 5, 2, and 1 | Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage), dial up or cellular terminal, and outsourced e-commerce website (SAQ A, SAQ B, & SAQ C). |
| Category 5, P2PE, and 2 | Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage), dial up or cellular terminal, and P2PE solution (SAQ B, SAQ C, & SAQ P2PE-HW). |
| Category P2PE | Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was audited by our QSA and scope reduction was granted by our acquiring bank (SAQ P2PE-HW). |
| Category P2PE and 1 | Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by outsourced e-commerce website (SAQ A & SAQ P2PE-HW). |
| Category P2PE and 2 | Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by dial up or cellular terminal(s) (SAQ B & SAQ P2PE-HW). |
| Category P2PE, 2, and 1 | Merchant Business Unit processes payments using validated P2PE solution, by dial up or cellular terminal, and also by outsourced e-commerce website (SAQ A, SAQ B, & SAQ P2PE-HW). |
 
Supplemental Forms

Diagram Guidance

General Merchant Policies

IT / Advanced Security Policies

Reviewed 2018-11-07.