GLOSSARY

SAQ A-EP (Self-Assessment Questionnaire A-EP)

Last Update: 17 Mar 2026

The Self-Assessment Questionnaire A-EP (SAQ A-EP) is a specific PCI DSS compliance validation document designed for e-commerce merchants who outsource all payment processing to PCI DSS validated third parties, but who have a website(s) that directly impacts the security of the payment transaction.

Who Needs to Fill Out SAQ A-EP?

This form is typically required for merchants who use a direct post method, where the consumer enters their credit card data on the merchant's website, but the data is silently and securely transmitted directly to the payment processor (bypassing the merchant's servers). Because the merchant's website still controls how the data is routed, it remains a potential target for hackers and requires strict security validation.

Navigating SAQ Types with Onlayer

Merchants are often deeply confused by the various SAQ types (A, A-EP, B, C, D) and frequently submit the wrong one, causing compliance delays. Onlayer features an Intelligent PCI Wizard that guides merchants to the exact SAQ type automatically using smart Q&A logic. This achieves a 100% SAQ classification match rate without manual risk team intervention.

Other resources you’ll like

GuidesThe Complete Guide to Merchant Onboarding for Acquirers, Banks & PSPsHow modern financial institutions are cutting onboarding time, reducing operational friction, and growing their merchant portfolios with AI-driven platforms.30 Mar 2026, 8 min read

Case StudyFrom Manual Reviews to Automated Compliance at ScaleSee how a Tier-1 GCC Acquiring Bank transform their operations to a more scalable system with utilizing Onlayer^s product suite. 24 Dec 2025,

BlogWhat to Watch Out For in E-Commerce SecurityLet's examine the e-commerce security outlook and discuss the potential risks and challenges that online retailers and consumers may face.5 Jun 2023,

Ready to take control of merchant risk?

See how Onlayer fits your workflow in a short demo.

Book a demo