Frequently Asked Question
What is SAQ C-VT?
- The only payment processing is done via a virtual terminal accessed by an Internet connected web browser;
- The virtual terminal solution is provided and hosted by a PCI DSS validated third party service provider;
- The PCI DSS compliant virtual terminal solution is accessed via a computer that is isolated in a single location, and is not connected to other locations or systems within the merchant environment (this can be achieved via a firewall or network segmentation to isolate the computer from other systems);
- The merchant’s computer does not have software installed that causes cardholder data to be stored (for example, there is no software for batch processing or store-and-forward);
- The merchant’s computer does not have any attached hardware devices that are used to capture or store cardholder data (for example, there are no card readers attached);
- The merchant’s does not otherwise receive or transmit cardholder data electronically through any channels (for example, via an internal network or the Internet);
- The merchant retains only paper reports or paper copies of receipts; and
- The merchant does not store cardholder data in electronic format.