<P> The PCI DSS self - assessment questionnaires (SAQs) are validation tools intended to assist merchants and service providers report the results of their PCI DSS self - assessment . </P> <P> The Self - Assessment Questionnaire is a set of Questionnaires documents that merchants are required to complete every year and submit to their transaction Bank . SAQ is replied based on the internal PCI DSS self - evaluation . Each SAQ question must be replied with yes or no alternative . In the event that a question has the appropriate response "no", at that point the association must highlight its future implementation aspects . </P> <P> Although the PCI DSS must be implemented by all entities that process, store or transmit cardholder data, formal validation of PCI DSS compliance is not mandatory for all entities . Currently both Visa and MasterCard require merchants and service providers to be validated according to the PCI DSS . Visa also offers an alternative program called the Technology Innovation Program (TIP) that allows qualified merchants to discontinue the annual PCI DSS validation assessment . These merchants are eligible if they are taking alternative precautions against counterfeit fraud such as the use of EMV or Point to Point Encryption . </P> <P> Issuing banks are not required to go through PCI DSS validation although they still have to secure the sensitive data in a PCI DSS compliant manner . Acquiring banks are required to comply with PCI DSS as well as to have their compliance validated by means of an audit . </P>

Requirement 8 of version 3.0 of the pci dss standards