Adyen Data Security Attestation Form
As you wish to receive credit card payments through Adyen, you must comply with the requirements of the Payment Card Industry Data Security Standards ("PCI DSS"). It is therefore mandatory to complete the Self-Assessment Questionnaire ("SAQ"). If you have any questions about this form, please contact your Adyen representative.
Here you can get help in filling out the English-language document ( sample extract):
Declaration of consent
Before Section 1, you are required to agree to the three items below and mark them accordingly with an (x).
The Section 1: Merchant Information...
This section asks for information about the trader (that's you from Adyen's point of view). These are entered in the corresponding field.
The Section 2: Third-Party Service Providers...
Please list all third party providers who have access to cardholder data and upload their AoC (Attestation of Compliance).
The Section 3: Data Security Attestation...
To be able to make card payments with Adyen, you must meet all of the following requirements (x). (11-13 are mandatory and not required fields).
• The Section 4: Attestation...
Based on the foregoing, the undersigned certifies at the end of the form that the information contained in this certificate is true and correct. Please check the automatically completed SAQ A and sign at the end of the form (second to last page, part 3b "Trader certificate").
Security Standards Council: (Before You Begin, page iii)
SAQ A is designed to meet requirements applicable to merchants whose cardholder data is fully outsourced to validated third parties. The merchant keeps paper reports or receipts with cardholder data.
SAQ A Merchants may be either e-commerce or mail/telephone order merchants and may not store, process or transmit Cardholder Data in electronic format on their systems or premises.
Section 1: Assessment Information...
This document is to be completed as a merchant self-disclosure results statement with the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS).
Fill in all fields! The trader is responsible for ensuring that each section is completed by the relevant party.
Section 2: Self-Assessment Questionnaire A...
The following questions are numbered according to the PCI-DSS requirements and test procedures as defined in the PCI-DSS requirements.
Tick one answer for each question.
Appendix A: Additional PCI DSS Requirements
Appendix A1...
This Appendix is not used for merchant assessments.
German: This annex is not used for the assessment of traders.
Appendix A2...
This Appendix is not used for SAQ A merchant assessments.
German: This appendix is not used for SAQ A trader assessments.
Appendix A3...
Designed Entities Supplemental Validation (DESV)
This annex only applies to businesses if one or more payment card holders (Visa, Mastercard, etc.) have been designated as requiring it. (validation of existing PCI-DSS requirements).
Appendix B...
Compensating Controls Worksheet
Use this page to define controls for all requirements where "Yes with CCW" was previously ticked.
Appendix C...
Explanation of Non-Applicability
If the column "N/A" (Not applicable) was ticked in the questionnaire, use this page to explain why.
Section 3...
Validation and Attestation Details
This AOC is based on results indicated in SAQ A (Section 2) with the date (SAQ completion date).
Here you confirm your conformity (Compliant) - or not (Non-Compliant). In the case of partial compliance (the third alternative), please contact Adyen Support exclusively for clarification.
Part 3.a...
Acknowledgement of Status
German: Confirmation of the status
You should be able to confirm almost all of these topics positively, if so tick them off:
PCI DSS Self-Assessment Questionnaire A, Version (version of SAQ), was completed according to the instructions therein.
German: PCI DSS Self-Assessment Questionnaire A, Version (version of the SAQ), was completed in accordance with the instructions contained therein.
All information within the above-referenced SAQ and in this attestation fairly represents the results of my assessment in all material respects.
German: All information in the above SAQ and in this attestation gives the results of my assessment of my evaluation in all material respects.
I have confirmed with my payment application vendor that my payment system does not store sensitive authentication data after authorisation.
German: I have confirmed with my payment application provider that my payment system does not store sensitive authentication data after authorisation. (Note Hypersoft for you: yes, we do not store such sensitive data).
I have read the PCI DSS and I recognize that I must maintain PCI DSS compliance, as applicable to my environment, at all times.
German: I have read the PCI DSS and acknowledge that I must maintain PCI DSS compliance, as applicable to my environment, at all times.
If my environment changes, I recognise I must reassess my environment and implement any additional PCI DSS requirements that apply.
If my environment changes, I need to reassess my environment and implement any additional PCI DSS requirements.
No evidence of full track data1, CAV2, CVC2, CID, or CVV2 data2, or PIN data3 storage after transaction authorisation was found on ANY system reviewed during this assessment.
German: Complete track data1, CAV2, CVC2, CID or CVV2 data2 or PIN data3 after transaction authorisation was not found on ANY of the systems reviewed during this assessment. (Note Hypersoft: In fact, you are responsible for this as the equipment and system are used by you).
ASV scans are being completed by the PCI SSC Approved Scanning Vendor (ASV Name)
German: ASV scans are performed by the PCI SSC approved scanning provider (ASV name). (Note: You must decide whether to have your system scanned by an approved third party. Hypersoft unfortunately cannot provide or arrange this service).
Support
We assume that you were able to process the form more easily with this assistance. If you have any further questions, please contact your Adyen contact at Adyen or your Onboarding contact at Hypersoft.
Back to the parent page: Hypersoft Pay with Adyen Onboarding