The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

PCI DSS applies to:

  • Online payments
  • Point-of-Sale
  • etc.

SAQ = Self-Assessment Questionnaire

PCI DSS establishes different types of SAQs, depending on security level.

  • SAQ-A
  • SAQ-B
  • Etc.

A Qualified Security Assessor (QSA) is a company that has achieved a certification to audit against PCI DSS. A QSA is entitled to perform an audit.

AoC = Attestation of Compliance

RoC = Report on Compliance

CDE = Cardholder Data Environment

Each PCI DSS document is valid for one year, after which it must be renewed. If it is not renewed, it is marked in yellow for 90 days, which is a margin to renew it in case you did not do so before.

How to check if a service provider is up to date regarding PCI DSS?

Electronic transfer companies publish on their websites a list of their service providers that are PCI compliant.

Links to lists of PCI compliant service providers:

  • Mastercard (then download PDF under “The Mastercard SDP Compliant Registered Service Provider List”)
  • Visa
