Self-Assessment Questionnaire (SAQ)

PCI SAQ- Payment Card Industry Self-Assessment Questionnaire

A validation tool designed by the Payment Card Industry Security Standards Council (PCI SSC) for merchants and service providers to assess their compliance with the Payment Card Industry Data Security Standard (PCI DSS). It ensures every industry that uses acceptance, process, store, or transmit credit card information follows a secure surrounding.

PCI SAQs come in various forms, each designed to meet the needs of a particular kind of business and how it processes credit card payments.

  • SAQ A: Designed for merchants who don’t store, process, or transmit cardholder data on their systems and solely accept card-not-present transactions (e-commerce or mail/telephone orders).
  • SAQ A-EP: For retailers who accept online payments but contract with a third-party service provider that complies with PCI DSS for payment processing.
  • SAQ B: For retailers who do not store, process, or transmit cardholder data on their systems and instead employ standalone dial-out terminals or imprint machines.
  • SAQ B-IP: For retailers who do not store, process, or transmit cardholder data on their systems and instead employ stand-alone IP-connected payment terminals.
  • SAQ C: For retailers who do not keep cardholder data on their systems and instead handle cardholder data through a payment application system.
  • SAQ C-VT: For retailers who do not keep cardholder data on their systems and instead process cardholder data over a virtual terminal.
  • SAQ D: For retailers using their systems to handle, transmit, or store cardholder data.

It is vital to maintain by the businesses as it determines the compliance strength with PCI DSS.