Get Started

Main Menu

Utility Menu

Call Today

(866) 495-0423
Main Line
(866) 739-8324
US Support
(855) 812-5191
Canada Support

What PCI SAQ Do You Need To Complete For Your Business Type?

The Payment Card Industry Self-Assessment Questionnaire (PCI SAQ) is a mandatory verification tool that all card-accepting businesses must complete in order to determine their compliance level with the PCI Data Security Standard. 

Although it is a self-assessment, you are required to send the results to your payment provider to remain in good standing. This annual test is required, even if you already use a BluePay PCI-compliant payment gateway to process incoming transactions.

Which PCI SAQ Is Right for Your Business?

PCI SAQ is not a universal assessment. There are 8 separate tests available.  Which one to take ultimately depends on the type of organization you run, and how you and your payment provider handle credit card data.

  1. A: For online and phone-based businesses that outsource their payment processing 100 percent.
  2. A-EP: For online and phone-based businesses that partially outsource payment processing.
  3. B: For businesses that connect to phone line terminals.
  4. B-IP: For businesses with IP-connected payment processing terminals.
  5. C-VT: For businesses that use virtual terminals on a single computer.
  6. C: For businesses that use the Internet but don’t have electronic cardholder data storage.
  7. P2PE-HW: For businesses that only use POS terminals equipped with point-to-point encryption (P2PE).
  8. D: For all other businesses that don’t fit into one of the categories above.

Note that your qualifying category from previous years may no longer be the same. This is because the PCI SAQ has undergone important changes with the adoption of PCI 3.0. There are new questions, fields and requirements that didn't exist under PCI 2.0. 

Fortunately, ease of use is arguably the most important difference between PCI 2.0 and 3.0. The most recent version of PCI SAQ provides a lot more guidance, making it easier to complete the self-assessment.

What Role Does BluePay Play in the PCI Compliance Assessment?

We admit that this annual assessment can be tedious, but it's important since PCI-compliance can protect you from penalties and fraudulent losses. This is why we do everything in our power to ensure that our clients complete the assessment with as few inconveniences as possible.

We’ve provided a number of free resources to help you get started:

  • You can read about our PCI compliance and what steps we take to protect your customers’ financial data. 
  • This FAQ Page includes some of the most common questions merchants have about payment processing security.
  • Here is a useful article on PCI SAQ Forms and how to fill them out properly.
  • We’ve also provided a tutorial video that walks you through the most important steps.
  • When you’re ready to take the self-assessment, visit our dedicated BluePay PCI SAQ Page (hosted by ControlScan).

Still Need Help With PCI SAQ?

If you have questions about the PCI compliance assessment questionnaire or the difference between PCI 2.0 and 3.0, don't hesitate to contact our merchant services team today. 

Alternatively, you can email ControlScan directly at

Topics: PCI Compliance and Fraud Prevention

Welcome to the BluePay Blog!

Whether you're a small business, an enterprise corporation, a financial institution, or a software partner, we have created a series of blog posts to help you and your customers, learn more about the complex nature of payments. Take a look to learn how payments can help to simplify your business operation, and may even help to grow your revenue.

Recent Posts