Confused about which PCI Compliance questionnaire to use? This guide clarifies SAQ validation types to ensure compliance. Contact Audit Advantage for assistance
Use the following table to confirm that you are completing the correct PCI Compliance questionnaire.
If you have any questions about Payment Card Industry (PCI) compliance, please contact the professionals at Audit Advantage by calling 877-799-2720 or by email at [email protected].
| SAQ Validation Type | Description | # of Questions | ASV Scan Required? |
| A | Card-not-present merchants: all payment processing functions fully outsourced, no electronic cardholder data storage | 14 | No |
| A – EP | E-commerce merchants re-directing to a third-party, PCI compliant service provider for payment processing, no electronic cardholder data storage | 139 | Yes |
| B | Merchants with only imprint machines or only standalone dial-out payment terminals: No e-commerce or electronic cardholder data storage | 41 | No |
| B – IP | Merchants with standalone IP (Internet) connected payment terminals: No e-commerce or electronic cardholder data storage | 83 | Yes |
| C | Merchants with payment application systems connected to the Internet: No e-commerce or electronic cardholder data storage | 139 | Yes |
| C – VT | Merchants with web-based virtual payment terminals: No e-commerce or electronic cardholder data storage | 73 | No |
| D – Merchant | All other SAQ eligible Merchants, or those that electronically store cardholder data | 326 | Yes |
| D – Service Provider | SAQ eligible service providers | 347 | Yes |
| P2PE | Hardware payment terminals in a validated PCI P2PE solution only: No e-commerce or electronic cardholder data storage | 35 | No |