The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

PCI DSS applies to:

  • Online payments
  • Point of Sale (POS)
  • etc.

SAQ = Self-Assessment Questionnaire

PCI DSS establishes different types of SAQs, depending on the applicable security level.

  • SAQ-A
  • SAQ-A-EP
  • SAQ-B
  • SAQ-B-IP
  • SAQ-C-VT
  • SAQ-C
  • SAQ-D
  • P2PE-HW

A Qualified Security Assessor (QSA) is a company that has achieved a certification to audit against PCI DSS. A QSA is entitled to perform an audit.

Companies with a high volume of transactions (level 1) require a Report on Compliance (ROC).

AoC = Attestation of Compliance

CDE = Cardholder Data Environment

Each PCI DSS document is valid for one year, after which it must be renewed. If it is not renewed, it is marked in yellow for 90 days; this is a grace period to renew it if you have not done so before.

How do you check whether a service provider is up to date regarding PCI DSS?

Electronic transfer companies publish on their websites a list of the service providers that are PCI compliant.

Links to the lists of PCI compliant service providers:

  • Mastercard (then download PDF under “The Mastercard SDP Compliant Registered Service Provider List”)
  • Visa

PCI DSS Documentation

You can find the official documentation related to PCI DSS on this external link.
