I don’t want to use Barclaycard Data Security Manager or Proactive Security Service. Where can I get a PCI DSS Self-Assessment Questionnaire (SAQ) from?

In the past, we found that many of our customers who completed the SAQ without consulting a Payment Card Industry assessor weren’t accurately reporting the security they had in place at their organisation. This meant that – without knowing it – they were misrepresenting their compliance with the PCI DSS, and were therefore non-compliant. This was putting them at unnecessary risk of a security breach and therefore subsequent card scheme penalties – all of which we wouldn’t have been able to defend because they weren’t actually compliant.

That’s why we now ask customers to use either our Data Security Manager (DSM) or Proactive Security Service (PSS) to complete the PCI DSS compliance reporting process.

If you have an Internal Security Assessor (ISA), or are multi-acquired, and have certification that has been issued via another Payment Card Industry assessor, these documents should be uploaded to DSM to evidence your compliance to us.