SAQ B: Imprint-only merchants with no electronic card holder data storage, or, Stand-alone dial-up terminal merchants with no electronic card holder data storage. SAQ C: Merchants with payment systems connected to the Internet and no electronic cardholder data storage. SAQ D: All other merchants (not included in descriptions for SAQs A-C above) and all service providers defined by a payment brand as eligible to complete an SAQ D.
There are more, but this covers the basics. Once you have identified the category applicable to your business you must then fill in the relevant SAQ and Attestation of Compliance (AoC) PDF form. Use the SAQ form as a guide to evaluate your business’s security protocols.