
ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider


Which PCI SAQ Do I need?


We totally understand… it's daunting to figure out which PCI DSS Self-Assessment Questionnaire (SAQ) you need to complete for your business. After all, there are nine of them!

Yes! You need to review where your business fits… or better yet… email ksimon@controlcase.com to schedule a quick call that will help you figure this out!

The PCI DSS Self-Assessment Questionnaires (SAQs) are validation tools for merchants and service providers that are eligible to evaluate and report their PCI DSS compliance via self-assessment. There are a number of different SAQs available that are intended to meet the needs of particular types of environments:

1. SAQ A – Perhaps the simplest one… required if you have fully outsourced all your cardholder data functions. So there is NO electronic storage, processing, or transmission of any cardholder data in your systems or premises.

2. SAQ A-EP – Applicable if you do not store, process or transmit cardholder data on your premises or on your systems – you use e-commerce only and have outsourced the handling of all card data to a third party. However, although your website doesn’t handle card data, it could still impact the security of a transaction.

3. SAQ B – This one is not for e-commerce environments. It is applicable to merchants who do not store, process or transmit cardholder data BUT they use standalone, dial-out terminals or imprint machines.

4. SAQ B-IP – Also not for e-commerce environments. Required if you only use standalone, PTS-approved payment terminals with an IP connection to the payment processor and have no electronic cardholder data storage.

5. SAQ C-VT – Also not for e-commerce environments. Required if you use a virtual terminal on a computer that is solely for card processing. Again, no electronic cardholder data is stored.

6. SAQ C – Required if you have a payment application connected to the Internet, even if you do not store any cardholder data.

7. SAQ P2PE – Required if you are using point-to-point encryption (P2PE) devices, even if you do not store any cardholder data.

8. SAQ D for Merchants – Required if you are handling your own credit card processing or use a P2PE solution. Therefore, you may be storing credit card data electronically.

9. SAQ D for Service Providers – If you are a service provider eligible to complete an SAQ, you need this one!

Completing your SAQ will not only improve your security but will also demonstrate to your clients, processors and other stakeholders that you consider and care about payment security.

FYI, ControlCase assists companies to achieve PCI compliance using SAQ.


© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices