Easiest path
SAQ A: fully outsourced
Around 24 requirements under v4.0.1. For merchants who use a hosted payment page (Stripe Checkout, PayPal, Shopify Payments) where customers are redirected entirely off your domain. Card data never enters your servers. Annual cost: $300 to $1,000.
Common mistake: assuming you qualify when JavaScript on your payment page can intercept card data before it reaches the provider. Since v4.0.1 (effective 31 March 2025), SAQ A eligibility requires confirming your entire site is not susceptible to script attacks, so if your site loads scripts on the payment page you almost certainly need SAQ A-EP instead.