SAQ Type A for Merchants

SAQ A has been developed for merchants who have outsourced credit card functions to banks or approved third-party providers, where the merchant may only maintain paper reports or receipts with card data. SAQ A is applicable to merchants who conduct either electronic or telephone transactions, i.e. without a physical presence, and the merchants do not store, process or transmit card data in electronic form in their facilities or systems.

Merchants will need to confirm that they meet the following criteria in order to complete SAQ A:

  • Your company only accepts transactions without a physical presence (electronic or telephone).
  • All card data processing is outsourced entirely to banks or a PCI DSS certified service provider.
  • Your company does not store, process, or transmit card data electronically on your premises and/or systems, but relies entirely on a third-party provider to manage these functions.
  • The company has confirmed that all third-party providers that handle the storage, processing or transmission of card data are PCI DSS certified.
  • Any card data your company holds exists only in written form (for example, paper reports or receipts), and you have not received these documents electronically.
  • All data on all payment pages delivered to the consumer's browser comes only and directly from a PCI DSS validated third-party service provider.

Payment Flow

SAQ DOCUMENT

Download the SAQ that SAQ Type A merchants must comply with

SAQ Type A v4.0.1

Do you want to know the type and cost of your certification?

Cost calculation tool

With the easy-to-use certification type selection tool you can calculate the type and annual cost of your certification.

Cost calculation

TOP