PCI DSS v4.0.1 · Merchant Levels 2–4

Get help becoming PCI DSS compliant.

Purpose-built guidance for e-commerce merchants on SAQ A and SAQ A-EP. Pick the SAQ that fits your checkout setup and we'll walk you through every applicable PCI DSS v4.0.1 requirement, end-to-end.

AI Advisor for SAQ A

For e-commerce merchants who use a fully hosted checkout (Stripe redirect, PayPal Standard, Shopify-hosted) where card data never touches your servers. Walks through every SAQ A requirement one question at a time.

21 questions covering all SAQ A sub-requirements
Plain-English explanations for each
Saved progress, resumable any time
Scored PDF report at the end

Start SAQ A Assessment

AI Advisor for SAQ A-EP

For e-commerce merchants whose website touches the payment flow (Stripe Elements, custom iframes, embedded forms). Covers the broader SAQ A-EP scope including network security and patching.

Covers all 88 SAQ A-EP sub-requirements
Includes firewall and patching coverage
Saved progress, resumable any time
Scored PDF report at the end

Start SAQ A-EP Assessment

Built for online stores

Specifically for SAQ A and SAQ A-EP merchants. Other types are not currently supported.

Reuse every year

Reports are timestamped so you can submit them as your annual filing.

Built from the official spec

Questions mirror the PCI Security Standards Council's SAQ documents 1:1.

Not sure which one you need? If your customers are sent to a third-party page (Stripe, PayPal, Shopify checkout) for payment, choose SAQ A. If your own page collects card details (Stripe Elements, custom form), choose SAQ A-EP.