Completing the PCI Self-Assessment Questionnaire (SAQ)

According to payment brand rules, all merchants and their service providers are required to comply with the PCI Data Security Standard in its entirety. Part of this compliance is the completion of a Self-Assessment Questionnaire (SAQ) and Attestation of Compliance. Use the table below to determine which SAQ/Attestation of Compliance applies to your business. Download the document here, complete it using the instructions provided in the document, and keep it on file at your place of business.

Type of business

Required SAQ/Attestation

Self Assessment Questionnaire A
and Attestation of Compliance
 All cardholder data functions outsourced. No Electronic Storage, Processing, or Transmission of Cardholder Data.

69KB

Assessment Questionnaire B
Imprint Machines or Standalone Dial out terminal Only,
No Electronic Cardholder Data Storage.

81KB

Assessment Questionnaire C
Payment Application Connected to Internet,
No Electronic Cardholder Data Storage.

98KB

Self Assessment Questionnaire C-VT
Web Based Virtual Terminal, No Electronic Cardholder Data Storage.

464KB

Assessment Questionnaire D
All other SAQ Eligible Merchants and Service Providers.

176KB
SAQs in other languages

Understanding the Compliance Process booklet

The Prioritized Approach to Pursue PCI DSS Compliance (PDF: 1.4 MB)

If you have questions, refer to this SAQ Frequently Asked Questions (PDF: 32 KB).

If your question is not answered there, contact MRA's John Mayleben at This e-mail address is being protected from spambots. You need JavaScript enabled to view it or 800.366.3699.

Powered By: Easyfish Marketing