PCI DSS SAQ C-VT Compliance | Forms | Questionnaires | Self-Assessments | PCI Policy Sample Templates

PCI DSS SAQ C-VT is the actual PCI Self-Assessment Questionnaire used by merchants that process cardholder data only “via isolated virtual terminals” on personal computers connected to the Internet.  More specifically, a “virtual terminal” is simply a web browser interface into a third-party (i.e., payment processor, etc.) that actually authorizes payment transactions.  PCI DSS SAQ C-VT, while becoming a very common Self-Assessment questionnaire for compliance, also requires a number of documented operational and information security policies and procedures to be in place, which you can obtain from pcipolicyportal.com.

Requirements for allowing Merchants to use SAQ C-VT for PCI DSS Compliance
Before beginning the process with SAQ C-VT, please confirm the following (according to the actual SAQ C-VT document available at pcisecuritystandards.org):

•    Your company’s only payment processing is done via a virtual terminal accessed by an Internet connected web browser.
•    Your company’s virtual terminal solution is provided and hosted by a PCI DSS validated third-party service provider.
•    Your company accesses the PCI DSS compliant virtual terminal solution via a compute that is isolated in a single location, and is not connected to other locations or systems within your environment (this can be achieved via firewall or network segmentation to isolate the computer from other systems).
•    Your company’s computer does not have software installed that causes cardholder data to be stored (such as batch processing or store and forward).
•    Your company’s computer does not have any attached hardware devices that are used to capture or store cardholder data (for example, no card readers).
•    Your company does not otherwise receive or transmit cardholder data electronically through any channels (such as an internal network or the Internet).
•    Your company retains only paper reports or paper copies of receipts, and;
•    Your company does not store cardholder data in electronic format.

PCI SAQ C-VT Policy Sample Templates for Compliance | Download Today
If your organization actually meets the above stated provisions, then self-assessing with PCI SAQ C-VT is permissible, which will requires documented PCI policies and procedures for compliance.  As for PCI SAQ C-VT, it mandates compliance with the following PCI DSS Requirements (i.e., sections): 1, 2, 3, 4, 5, 6, 7, 9, and 12.    Remember, there are twelve (12) different “requirements” within the PCI DSS standards, with many of them mandating PCI policies and procedures to be in place.  As for PCI SAQ C-VT compliance, merchants can purchase the actual PCI SAQ C-VT policy sample templates developed exclusively by pcipolicyportal.com, which greatly helps in the overall certification process.  Thus, simply purchase the SAQ C-VT policy sample templates, follow the PCI SAQ Certification process steps as discussed by pcipolicyportal.com, and be well on your way towards compliance.  

Additionally, pcipolicyportal.com also offers policy and procedure writing services, along with PCI policies and procedures for all other SAQ reporting mandates (A, B, C, D, P2PE-HW), including Level 1 onsite assessments by an actual PCI-QSA.  Contact us today to learn more, along with signing up for the free pcipolicyportal.com training webinars.