Barclays uses cookies on this website. Some cookies are essential to provide our services to you. Other cookies help us to analyse how you use the site, so we can improve your experience on our site. Cookies are stored locally on your computer or mobile device. Please select 'Accept all' to consent to cookies, or select ‘Reject all’ to reject all but essential cookies’, or select 'Manage cookies' to change your preferences. For more information visit our cookie policy.

I don’t want to use Barclaycard Data Security Manager or Proactive Security Service. Where can I get a PCI DSS Self-Assessment Questionnaire (SAQ) from?

In the past, we found that many of our customers who completed the SAQ without consulting a Payment Card Industry assessor weren’t accurately reporting the security they had in place at their organisation. This meant that – without knowing it – they were misrepresenting their compliance with the PCI DSS, and were therefore non-compliant. This was putting them at unnecessary risk of a security breach and therefore subsequent card scheme penalties – all of which we wouldn’t have been able to defend because they weren’t actually compliant.

That’s why we now ask customers to use either our Data Security Manager (DSM) or Proactive Security Service (PSS) to complete the PCI DSS compliance reporting process.

If you have an Internal Security Assessor (ISA), or are multi-acquired, and have certification that has been issued via another Payment Card Industry assessor, these documents should be uploaded to DSM to evidence your compliance to us.