Which SAQ type do I need to fill in?


I use Stripe on my website, instead of using their Stripe.js, I want to use their PHP tockenization, that I can get first 6-digits and pass it to MaxMind, I am not going to store any CC info on my site in anyway, cc info just hits my server for a few milliseconds to get the BIN of cc and pass it to MaxMind and the other info will be passed to Stripe to get tocken, that’s all I am doing to do with CC. So beside getting ASV scanned, I am confused which SAQ type applies to me? A-EP? D for Merchants? or what?

I don’t think that is allowed. If it hits the server it can be easily stolen.

Even if it is allowed it is way less secure than any option where the cc doesn’t go anywhere near your server.

If even in this case is not allowed, then what is the purpose of AVS scan and PCI at all??
And how to get the BIN number of cc to send it to MaxMind?

Any advice yet?

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.