Data security and customer privacy are crucial to every online business. An especially important goal is to secure and protect the credit card information of your customers. In 2006, to help achieve this goal, American Express, Discover, JCB International, MasterCard, and Visa Inc. created the Payment Card Industry Security Standards Council (PCI SSC). Working together, these five major card companies created the PCI Data Security Standard (PCI DSS). The PCI DSS is an information security standard for organizations that access, handle, process, or store credit card information. The PCI Standard is industry mandated and administered by the PCI SSC.
PCI Self-Assessment Questionnaires
The PCI Self-Assessment Questionnaires (SAQs) are tools designed to assist retailers in validating and reporting their PCI DSS self-assessment. All retailers are required to complete a PCI SAQ. If you are becoming a Bolt retailer, Bolt is asking that you complete an SAQ as a part of your onboarding process within one month of launch. If you are an existing Bolt retailer, Bolt is requesting that you complete an SAQ annually.
This process is a crucial improvement for Bolt and our retailers, but we recognize that this may be an additional burden. To make the process as pain-free, easy, and transparent as possible, Bolt has partnered with SecurityMetrics, a Qualified Security Assessor (QSA). QSAs are independent security agencies qualified by the PCI Security Standards Council to validate an entity’s adherence to the PCI DSS. SecurityMetrics can help you choose the right SAQ and support you through the process.
SecurityMetrics uses a simple SAQ with just yes-or-no questions for all relevant PCI DSS requirements. How you capture, handle, and store card data will determine which SAQ is appropriate for you. The SecurityMetrics process will make it easy for you to select the correct SAQ for your business. Read more about SAQs on the PCI website.
Covering your Costs
Bolt will cover the SAQ fee and the ongoing annual renewal fees charged by SecurityMetrics. If you’d like to purchase additional products from SecurityMetrics, you’ll be responsible for those fees. Bolt has negotiated a 20% discount for Bolt retailers for all additional SecurityMetrics services.
We know we’re asking you to take an extra step. In addition to covering the SecurityMetrics fee for the SAQ, Bolt is providing a free security scan, plus PCI training for 1 person. Bolt will also cover the cost of the ongoing annual renewal fee.
While Bolt itself follows PCI compliance procedures and securely stores and processes card data, this does not automatically fulfill your PCI compliance requirements. Indeed, Bolt may not take responsibility for a retailer’s compliance, as PCI requires each party in the payment chain to take responsibility for their compliance. You are still required to complete an annual SAQ to be PCI compliant.
Failure to complete your SAQ as required for PCI compliance might result in substantial fines and the suspension of your ability to accept credit card payments.
Regarding PCI compliance, Bolt is always willing to help in any way we can. However, SecurityMetrics is a specialist PCI company and is consequently better equipped to answer specific questions about your compliance. To find the best way to contact SecurityMetrics, visit their website.
Q: What happens if I can’t complete the SAQ before the due date?
A: Life is busy - we get that. If you can’t complete the SAQ before the designated due date, you will be responsible for a monthly penalty fee ($20 per month) for every month that you don’t complete the SAQ. After another 3 months, if the SAQ is still not completed, Bolt Compliance will reach out directly to ask for an explanation and to agree to the next steps.
Q: How long will it take for me to complete the SAQ?
A: By engaging with SecurityMetrics, Bolt has made this process as simple and painless as possible. Most retailers complete their SAQ within 7 days.
Q: What do I do if I need help with the SAQ?
A: SecurityMetrics will have dedicated resources to walk you through the steps. Otherwise, feel free to contact us either through your Bolt representative or via firstname.lastname@example.org and we can help.
Q: Will I need to renew the SAQ on a regular basis?
A: Yes, you will need to renew your SAQ once a year. SecurityMetrics and Bolt will provide reminders and support to help you through the process. Bolt will cover the cost of the renewal fee.
Q: What if I already completed an SAQ through a different method?
A: You will not need to complete the SAQ again, but you will need to send in your completed SAQ to Bolt. You can do this by enrolling in SecurityMetrics and uploading your SAQ to the portal. If there is anything missing from your previous SAQ, we’ll reach out to align on next steps.
Q: What if we are not using Bolt as the processor (using Stripe, Braintree, or another payments processor instead)?
A: You still need to complete the SAQ for the Bolt portion of your business.