SAQ C-VT does not replace SAQ C. Each SAQ is designed to support a different type of cardholder data environment. At a high level, SAQ C is intended for merchants with payment applications connected to the Internet that are not connected to any other systems. SAQ C-VT is for merchants who manually enter a single transaction at a time into an Internet-based virtual terminal solution provided by a PCI DSS validated service provider. To be eligible for either SAQ, merchants must not have any electronic storage of cardholder data.
Please refer to the PCI DSS SAQ Instructions and Guidelines for more details on the different types of SAQs and eligibility criteria for each.
Merchants should also consult with their acquirer (merchant bank) to determine if they are eligible or required to submit an SAQ, and if so, which SAQ is appropriate for their environment.
Article Number 1063