What is SAQ?

Self Assessment Questionnaire (SAQ) of PCI Data Security assists merchants and service providers permitted by the payment brands to self-evaluate their compliance with the Payment Card Industry Data Security Standards (PCI DSS).

Take SAQ Now


There are a total of 8 types of SAQ (A, A-EP, B, B-IP, C-VT, C, D, PEP2HW) that has been formulated for each category of merchants and service providers to understand their level of compliance. This assists them to check if they are compliant by answering a set of questions or if the company or the organization is operating towards the PCI DSS compliance standards.


SAQ A is a validation source for merchants who deal with enterprises or businesses that do not process card-based payments or transactions through their systems in an electronic format and that which has outsourced the cardholder data functions to a third party service providers who are PCI compliant.


SAQ A-EP is meant for merchants who deal e-commerce business and outsource all the processing of payments to PCI DSS validated third parties. It is also meant and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Applicable only to e-commerce channels.


SAQ B is the best questionnaire tool for merchants who are bound to use imprint machines or dial-out terminals with no electronic cardholder data storage.


SAQ B -IP is the perfect option for merchants using PIN Transaction Security (PTS) approved payment terminals with no electronic cardholder data storage and with an IP connection to the payment processor.


SAQ C-VT is a questionnaire tool that are used by enterprise merchants who enter each and every single transaction manually one by one at a time through keyboard into virtual terminal solution over the internet that is organized by a PCI DSS compliant third-party service provider.


SAQ C is the right questionnaire for merchants who deal with payments through application systems connected over the Internet network without electronic card data storage.


SAQ P2PE-HW is a validation source for merchants who depend on only hardware payment terminals that are managed and controlled through PCI SSC-listed P2PE solution, and which does not involve any storage of electronic cardholder data.


SAQ D-MER is meant for all business merchants who cannot check and validate if they are PCI DSS compliant with any of the other SAQ types.


SAQ D-SP is the questionnaire validation tool meant for all service providers who have been defined eligible to complete a SAQ by a payment brand.

Comodo Hackerguardian advances to provide PCI Compliance Wizard – a web-based application tool to assist merchants through the Process of PCI SAQ.