PCI DSS SAQ C-VT Compliance | Forms | Questionnaires | Self-Assessments | PCI Policy Sample Templates

PCI DSS SAQ C-VT is the actual PCI Self-Assessment Questionnaire used by merchants that process cardholder data only “via isolated virtual terminals” on personal computers connected to the Internet.  More specifically, a “virtual terminal” is simply a web browser interface into a third-party (i.e., payment processor, etc.) that actually authorizes payment transactions.  PCI DSS SAQ C-VT, while becoming a very common Self-Assessment questionnaire for compliance, also requires a number of documented operational and information security policies and procedures to be in place, which you can obtain from

Requirements for allowing Merchants to use SAQ C-VT for PCI DSS Compliance
Before beginning the process with SAQ C-VT, please confirm the following (according to the actual SAQ C-VT document available at

•    Your company’s only payment processing is done via a virtual terminal accessed by an Internet connected web browser.
•    Your company’s virtual terminal solution is provided and hosted by a PCI DSS validated third-party service provider.
•    Your company accesses the PCI DSS compliant virtual terminal solution via a compute that is isolated in a single location, and is not connected to other locations or systems within your environment (this can be achieved via firewall or network segmentation to isolate the computer from other systems).
•    Your company’s computer does not have software installed that causes cardholder data to be stored (such as batch processing or store and forward).
•    Your company’s computer does not have any attached hardware devices that are used to capture or store cardholder data (for example, no card readers).
•    Your company does not otherwise receive or transmit cardholder data electronically through any channels (such as an internal network or the Internet).
•    Your company retains only paper reports or paper copies of receipts, and;
•    Your company does not store cardholder data in electronic format.

PCI SAQ C-VT Policy Sample Templates for Compliance | Download Today
If your organization actually meets the above stated provisions, then self-assessing with PCI SAQ C-VT is permissible, which will requires documented PCI policies and procedures for compliance.  As for PCI SAQ C-VT, it mandates compliance with the following PCI DSS Requirements (i.e., sections): 1, 2, 3, 4, 5, 6, 7, 9, and 12.    Remember, there are twelve (12) different “requirements” within the PCI DSS standards, with many of them mandating PCI policies and procedures to be in place.  As for PCI SAQ C-VT compliance, merchants can purchase the actual PCI SAQ C-VT policy sample templates developed exclusively by, which greatly helps in the overall certification process.  Thus, simply purchase the SAQ C-VT policy sample templates, follow the PCI SAQ Certification process steps as discussed by, and be well on your way towards compliance.  

Additionally, also offers policy and procedure writing services, along with PCI policies and procedures for all other SAQ reporting mandates (A, B, C, D, P2PE-HW), including Level 1 onsite assessments by an actual PCI-QSA.  Contact us today to learn more, along with signing up for the free training webinars.

Talk with one of our experts!

You're In

We just sent our latest PCI DSS Starter Toolkit right to your inbox.

You're In

Be sure to check your inbox... we just sent you our latest PCI DSS Starter Toolkit.

Where can we send your free PCI DSS Toolkit?

Privacy - We hate spam too and promise to keep your email address safe!



Access our most powerful toolkit yet!
Here’s what’s included…