The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.
PCI DSS applies to:
- Online payments
- Point of sale
- etc.
SAQ = Self-Assessment Questionnaire
PCI DSS establishes different types of SAQs, depending on security level.
- SAQ-A
- SAQ-B
- etc.
A Qualified Security Assessor (QSA) is a company that has achieved a certification to audit against PCI DSS. A QSA is entitled to perform an audit.
AoC = Attestation of Compliance
RoC = Report on Compliance
CDE = Cardholder Data Environment
Each PCI DSS document is valid for one year, after which it must be renewed. If it is not renewed, it is marked in yellow for 90 days, which serves as a margin to renew it if you have not already done so.
How to check if a service provider is up to date regarding PCI DSS?
Electronic transfer companies publish on their websites a list of their service providers that are PCI compliant.
Links to lists of PCI-compliant service providers:
- Mastercard (then download PDF under “The Mastercard SDP Compliant Registered Service Provider List”)
- Visa