The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.
PCI DSS applies to:
- Online payments
SAQ = Self-Assessment Questionnaire
PCI DSS establishes different types of SAQs, depending on the security level.
A Qualified Security Assessor (QSA) is a company that has achieved a certification to audit against PCI DSS; a QSA is entitled to perform an audit.
Companies with a high volume of transactions (level 1) require a Report on Compliance (ROC).
AoC = Attestation of Compliance
CDE = Cardholder Data Environment
Each PCI DSS document is valid for one year and must then be renewed. If it is not renewed, it is marked in yellow for 90 days, a grace period in which it can still be renewed.
How do you check whether a service provider is up to date with PCI DSS?
Electronic payment companies publish on their websites a list of their service providers that are PCI DSS compliant.
Links to lists of PCI DSS compliant service providers:
- Mastercard (then download PDF under “The Mastercard SDP Compliant Registered Service Provider List”)
PCI DSS Documentation
You can find the official documentation related to PCI DSS at this external link.