PCI DSS 3.0

The new security standard PCI DSS 3.0 will apply for e-commerce credit card payments from 1 January 2015.

In addition to numerous minor optimisations, there are also substantial modifications, the most fundamental new development being the self-declaration and classification of individual online Traders.

Until now, all traders have received a standard form (the SAQ self-assessment questionnaire) with approximately 10 questions. Traders will now be divided into 2 groups. For traders who have fully outsourced their payment form (for entering credit card information) to a certified payment service provider, the conditions won't change (SAQ A). This will apply, for example, to all traders who already use the Datatrans Standard Mode - with a redirect to payment forms managed by Datatrans. The SAQ A questionnaire for the simplified self-declaration is available under the following link:

Questionnaire SAQ A

For traders who manage their payment form themselves and only forward credit card information directly to a certified payment service provider, additional conditions will apply from 1st January 2015 – they will now receive a questionnaire with over 100 criteria (SAQ A-EP).

You will find a comparison of both options for self-declaration here:

Understanding SAQs PCI DSS

Which Datatrans payment solutions do the additional self-declaration requirements apply to now (SAQ A-EP)?

The additional conditions for self-declaration (SAQ A-EP) apply to all traders who manage their credit card payment form themselves – with Datatrans payment solutions this applies for both solution variants: "Hidden Mode" and "Ajax".

If you use one of these two payment solutions – or choose to continue using them as an existing Datatrans customer, please obtain information about the additional requirements that need to be fulfilled with your self-declaration within the framework of PCI DSS 3.0. The SAQ A- EP questionnaire, which you need, is available under the following link:

Questionnaire SAQ A-EP

The requirements for self-declaration in accordance with SAQ A-EP are stringent and they involve additional annual costs. Datatrans regards this solution as suitable for many large traders who already fulfil most of the conditions.

Further to the Datatrans payment solutions

Increased security requirements with PCI DSS new from July 2018