PCI-DSS SAQ B v4.0 Assessment Template

SAQ B has been developed to address requirements applicable to merchants who process cardholder data only via imprint machines or standalone, dial-out terminals. SAQ B merchants may be either brick-and-mortar (card-present) or mail/telephone order (card-not-present) merchants, and do not store cardholder data on any computer system.

PCI-DSS Self-Assessment Completion Steps:

1. Identify the applicable SAQ for your environment¾refer to the Self-Assessment Questionnaire Instructions and Guidelines document on PCI SSC website for information.

2. Confirm that your environment is properly scoped and meets the eligibility criteria for the SAQ you are using (as defined in Part 2g of the Attestation of Compliance).

3. Assess your environment for compliance with applicable PCI DSS requirements.

4. Complete all sections of this document:

• Section 1 (Parts 1 & 2 of the AOC) – Assessment Information and Executive Summary
• Section 2 – PCI DSS Self-Assessment Questionnaire (SAQ B)
• Section 3 (Parts 3 & 4 of the AOC) – Validation and Attestation Details and Action Plan for Non-Compliant Requirements (if applicable)

5. Submit the SAQ and Attestation of Compliance (AOC), along with any other requested documentation—such as ASV scan reports—to your acquirer, payment brand, or other requester.