PCI DSS Self Assessment

PCI DSS Self Assessment

Custom Gateway are PCI DSS Level 4 compliant 


Detailed below is our Self Assessment Questionnaire A (SAQ) for companies where all payment processing functions is fully outsourced and  no electronic cardholder data storage.

We confirm we meet the following eligibility criteria. 


 Your company accepts only card-not-present (e-commerce or mail/telephone-order) transactions;

That is correct we only use hosted payment Gateway via Gateway OMS or Smartlinks



 All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers;

That is correct we only use hosted platforms provided by Secure trading, Paypal, Authorise.net & Stripe



 Your company does not electronically store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions;

That is correct where a repeat payment is required we only store a token provided by the PCI DSS compliant provider 



 Your company has confirmed that all third party(s) handling storage, processing, and/ortransmission of cardholder data are PCI DSS compliant;

We have checked the certification from the payment providers we use 


 Any cardholder data your company retains is on paper (for example, printed reports or receipts),and these documents are not received electronically.

We do not retain any data on paper as do not take credit card details ourselves



Additionally, for e-commerce channels:
 All elements of all payment pages delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s).

That is correct we only use hosted payment gateways 

    • Related Articles

    • Feeds for Self Fulfillment

      There are some products in VPW which are made available to be self fulfilled by retailers who have the production capabilities to do so. In CPP every product under the "Basic Details" tab shows a "Self Fulfilment" tick box under "Production Type". If ...
    • What Security Policies do you have in place for Gateway Sites?

      1. Hosting - Gateway Sites are hosted with UKFast who are one of the UKs leading Tier 1 Hosting Providers on our own dedicated servers   They fully-own, manage and operate carbon and carrier-neutral data centres, which offers over 30,000 sq ft of ...
    • Gateway 3D Recommended Payment Service Providers (PSP)

      We have used and can implement a fully PCI compliant hosted payment page from the following suppliers. We use hosted pages as this eliminates the need for your website to be independently PCI compliant - saving you both time and money     Name ...
    • What is the Virtual Product Warehouse Tab

      5.1 What is VPW? As part of your subscription to CPP, all customers have access to content fulfilled by our Supplier Network. Some of this content will be licensed by well known brands such as Disney, Star Wars & many sports brands & teams. Some ...
    • Virtual Products | Explained

      What is a Virtual Product? A 'Virtual Product' is a Product that is created from a Supplier approved Blank Product on CPP. Thus, it directly inherits all Supplier and production related properties (such as the Preview and Print Specification) which ...