Which type of Self-Assessment Questionnaire (SAQ) applies to e-commerce merchants who outsource all processing to compliant service providers?


The correct choice for e-commerce merchants who outsource all payment processing to compliant service providers is SAQ A.

SAQ A is specifically designed for merchants that do not store, process, or transmit cardholder data on their own systems or premises. Instead, these merchants utilize third-party service providers to handle all aspects of payment processing. This means that the risk to cardholder data is minimized since the merchant does not come into contact with it directly.

SAQ A simplifies the compliance process because it entails fewer requirements, focusing on the fact that the merchant's systems are not involved in storing or managing sensitive payment information. This is beneficial for e-commerce merchants who rely on fully PCI-compliant payment processing solutions provided by external vendors.

The other options pertain to different scenarios and levels of interaction with cardholder data. SAQ B, for instance, is meant for merchants who use standalone, dial-out terminals without electronic storage, while SAQ B-IP is for those using internet-based, point-of-interaction systems. SAQ A-EP applies to e-commerce merchants who still have some level of interaction with cardholder data, such as those who have a website that redirects the consumer to a third party for payment processing but may still capture data in other ways.
