The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard, maintained by the PCI Security Standards Council (PCI SSC), for organizations that handle branded payment cards from the major card schemes (Visa, Mastercard, American Express, Discover, JCB).
PCI DSS applies to any organization that stores, processes or transmits cardholder data, for example:
- Online payments (card-not-present transactions)
SAQ = Self-Assessment Questionnaire, the validation document used by merchants and service providers that are not required to undergo an on-site assessment.
PCI DSS defines several SAQ types, chosen according to how the organization accepts and handles cardholder data rather than its "security level" (for example SAQ A for merchants that fully outsource card processing to a compliant third party, SAQ D for those that store, process or transmit cardholder data on their own systems).
A Qualified Security Assessor (QSA) is a company that has been qualified by the PCI SSC to perform PCI DSS assessments. Only a QSA (or, for internal assessments, an ISA) is entitled to carry out a formal audit.
Companies with a high volume of transactions (Level 1, the highest transaction-volume tier defined by each card brand) require an on-site assessment by a QSA, documented in a Report on Compliance (ROC).
AOC = Attestation of Compliance, the signed summary that declares the outcome of an assessment (ROC or SAQ) and is the document normally shared with acquirers, card brands and customers.
CDE = Cardholder Data Environment, the people, processes and systems that store, process or transmit cardholder data, together with any system connected to them. Everything in the CDE is in scope for PCI DSS.
Each PCI DSS compliance document (ROC, SAQ, AOC) is valid for one year, after which it must be renewed. If it is not renewed in time, the entry on the card brand's compliant service provider list is marked in yellow for 90 days; this is a grace period in which the renewal can still be submitted.
How to check whether a service provider is up to date regarding PCI DSS?
The card brands publish on their websites a list of service providers that have validated PCI DSS compliance; check that the provider appears there and that its validation date has not expired.
Links to the lists of PCI DSS compliant service providers:
- Mastercard (then download the PDF under "The Mastercard SDP Compliant Registered Service Provider List")
- Visa (Global Registry of Service Providers)
PCI DSS Documentation
You can find the official documentation related to PCI DSS on this external link.
PCI DSS Qualifications
There are different certifications related to PCI DSS. The full list can be found on this external link.
Qualifications featured in this post:
- Approved Scanning Vendors (ASV)
- Internal Security Assessor (ISA)
- Qualified Security Assessor (QSA)
Approved Scanning Vendors
Approved Scanning Vendors (ASV) are vendors approved by the PCI SSC that organizations assessed for PCI DSS can hire to perform the external vulnerability scans the standard requires in specific circumstances, notably the quarterly scans of Internet-facing systems in the CDE, and after any significant change to them.
You can find a list of ASVs on this external link.