SAQ Type A-EP for Merchants

For e-commerce merchants that have partially outsourced payment processing to a third party provider The SAQ A-EP has been developed for merchants that conduct e-commerce transactions on their own website, which does not receive customer card data but affects the security of the transaction and/or the integrity of the website that accepts the consumer’s card data (e.g. iframe). The SAQ A-EP is for those merchants that partially outsource the e-commerce transaction to PCI DSS certified third party providers and do not store, process or transmit card data on their premises or systems. Merchants should confirm that they meet the following criteria in order to complete the SAQ A-EP:

Your company only accepts electronic transactions.

All card data processing, with the exception of the payment page, is entirely outsourced to a third-party PCI DSS certified payment provider.

  • Your website does not receive card data.
  • If the provider's website is hosted by a service provider, then that provider is certified to all applicable PCI DSS requirements.
  • Every element from the payment page that is transferred to the consumer's browser is either from the merchant's website or a third-party PCI DSS certified service provider.
  • Your company does not store, process, or transmit card data electronically on your premises or systems, but relies entirely on a third-party provider to manage these functions.
  • Any card data your company holds exists only in written form (for example, paper reports or receipts), and you have not received these documents electronically.
  • This SAQ applies only to electronic transactions
  • Note: For the purposes of SAQ A-EP, the PCI DSS requirements referred to in the “card data environment” apply to the merchant website. This is because the merchant website directly impacts how card payment data is transmitted, even if the site itself does not receive card data.

Payment Flows for Redirect & iFrame

SAQ DOCUMENT

Download the SAQ that merchants subject to SAQ Type A-EP must comply with

SAQ Type A-EP v4.0.1

Do you want to know the type and cost of your certification?

Cost calculation tool

With the easy-to-use certification type selection tool you can calculate the type and annual cost of your certification.

Cost calculation

TOP