This document summarizes the services of SAQ 4 U, a company that helps small businesses comply with the PCI Data Security Standard (PCI-DSS) by completing the Self-Assessment Questionnaire (SAQ) on their behalf. SAQ 4 U determines the required SAQ form based on a business's transaction volume and payment card industry merchant level. They then complete the form, review the results, and guide the business through the validation process. Their services help businesses comply with PCI-DSS requirements without needing to hire a costly Qualified Security Assessor.

1. SAQ 4 U - Serving the small business Self Assessment Questionnaire (SAQ) What is it? Why is it important?

2. Who is SAQ 4 U? A privately held business. Established to help small business owners with the first step toward complying with The Payment Card Industry – Data Security Standards (PCI-DSS). Industry professionals with a keen understanding of payment card security and PCI regulations. NOT a costly Qualified Security Assessor (QSA), because you don’t need to pay high dollars to complete an SAQ.

3. What is PCI-DSS? As stated by the Payment Card Industry (PCI) Security Standards Council (SSC): "The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data." Source: http://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

4. PCI’s 12-Steps for compliance Build and Maintain a Secure Network Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Requirement 3: Protect stored cardholder data Requirement 4: Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Requirement 5: Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications Implement Strong Access Control Measures Requirement 7: Restrict access to cardholder data by business need-to-know Requirement 8: Assign a unique ID to each person with computer access Requirement 9: Restrict physical access to cardholder data Regularly Monitor and Test Networks Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 11: Regularly test security systems and processes Maintain an Information Security Policy Requirement 12: Maintain a policy that addresses information security

5. What the card brands say (like VISA) All merchants will fall into one of the four merchant levels based on payment card transaction volume over a 12-month period. Payment card transaction volume is based on the aggregate number of payment card transactions (inclusive of credit, debit and prepaid) that a merchant handles. Volume is based on the number of transactions stored, processed or transmitted by the merchant.

6. What “Merchant Level” are you? Please note: AMEX and Discover requirements differ. Please call for more information.

7. Merchant “Validation” Requirements

8. What will SAQ 4 U accomplish for you? We will: Meet with you and ask brief interview-type questions to understand your business. Determine which SAQ form is required for your business. Complete the appropriate SAQ form and walk you through the results and the Attestation of Compliance validation process. Answer any questions you have and make suggestions for improvements.

9. WHY SAQ 4 U? We know that a “Self-Assessment” Questionnaire can be done by you. We also know that most people can mow their own lawns or clean their own homes, but they still hire Gardeners and House Cleaners. We want you to run your business, NOT fill out forms and research requirements.

10. Where is SAQ 4 U? TEXAS: Serving Austin, San Antonio and Houston CALIFORNIA: Serving San Diego, Los Angeles and Orange County Other locations being added fast. Call to request service in your area.

11. Next Step: Call SAQ 4 U to schedule an appointment today. CALL (713) 854-4410 or email Ralcala@saq4u-merchants.com www.saq4u-merchants.com