PCI-DSS SAQ-B-IP v4.0 Assessment Template
Self-Assessment Questionnaire (SAQ) B-IP includes only those PCI DSS requirements applicable to merchants that process account data only via standalone, PCI-listed approved PIN Transaction Security (PTS) point-of-interaction (POI) devices with an IP connection to the payment processor.
PCI-DSS Self-Assessment Completion Steps:
1. Confirm by review of the eligibility criteria in this SAQ and the Self-Assessment Questionnaire Instructions and Guidelines document on the PCI SSC website that this is the correct SAQ for the merchant’s environment.
2. Confirm that the merchant environment is properly scoped.
3. Assess the environment for compliance with PCI DSS requirements.
4. Complete all sections of this document:
- Section 1: Assessment Information (Parts 1 & 2 of the Attestation of Compliance (AOC) – Contact Information and Executive Summary).
- Section 2: Self-Assessment Questionnaire B-IP.
- Section 3: Validation and Attestation Details (Parts 3 & 4 of the AOC – PCI DSS Validation and Action Plan for Non-Compliant Requirements (if Part 4 is applicable)).
Points to Remember:
- An exception applies for PTS POI devices classified as Secure Card Readers (SCR) and Secure Card Readers for PIN (SCRPs); merchants using SCRs or SCRPs are not eligible for this SAQ.
- SAQ B-IP merchants may be either brick-and-mortar (card-present) or mail/telephone-order (card-not-present) merchants, and do not store account data on any computer system.
- A merchant using an expired PTS POI device should check with its acquirer or individual payment brands about acceptability of this SAQ. Refer to PCI’s list of PIN Transaction Security Devices with Expired Approvals.