Free · ~2 minutes · No card

Which PCI SAQ do you actually need?

Most merchants can’t answer that, and it’s the first thing your acquiring bank asks. Answer a few questions about how you accept cards and get your likely SAQ type on screen, free, plus a directional read on five baseline PCI controls.

Free · Your SAQ on screen instantly · Nothing to install

Part 1 · How you accept payment cards
Part 2 · Five baseline PCI controls

Everything is computed in your browser from your own answers. Never enter card numbers here.

Your likely SAQ type
SAQ D
0
of 5 baseline PCI controls need work

Your SAQ is the starting line, not the finish.

This free check names your likely SAQ and samples five controls. The paid PCI DSS v4.0 Readiness & Gap Analysis confirms your SAQ with full rationale and scope, marks every one of the 12 PCI DSS v4.0 requirements covered, partial, or gap, and hands you a prioritized 30/60/90 remediation roadmap with the evidence your assessor will ask for. PDF in your inbox within hours.

Methodology & honest limits

Your SAQ type is determined from how you reported accepting cards, using the same logic as our paid engine and the PCI SSC SAQ eligibility rules. It is indicative, a starting point to confirm against the current PCI SSC SAQ Instructions and, where applicable, your acquiring bank or a Qualified Security Assessor.

This is a directional self-assessment, not a QSA assessment, not a completed SAQ, and not a signed Attestation of Compliance. It does not certify or guarantee PCI DSS compliance. The five-control readiness read is a sample, so your real exposure can be wider. “Not sure” is scored as a gap on purpose: a control you can’t evidence is a control you can’t claim.