Compliance Reporting

Though the PCI SSC has assumed ownership and management of Visa and MasterCard's compliance reporting programs, it's still incumbent upon merchants and service providers to follow each card company's compliance reporting requirements, to ensure that the card company accepts and verifies their compliance status.

Compliance reports must be submitted according to each card's requirements. According to the PCI SCC, payment brands-MasterCard, Visa, American Express, Discover-will continue to focus on compliance of the security standards.

"Any entity that achieves PCI DSS compliance will need to continue sending the appropriate compliance validation documentation to the payment brands, financial institutes, or other agents that have a contractual relationship with the compliant entity," According to the PCI SSC FAQ.

"PCI SSC cannot be the central repository for this information. Our focus will remain on defining effective payment-related security standards, as well as educating and providing resources to the marketplace to drive awareness and adoption of these standards."

Qualified Security Assessors (QSA)
As with the ASVs, the Qualified Security Assessors (QSAs) conduct PCI validation assessments compliant with the PCI DSS. The skill level and competence of a QSA must meet the PCI SSC standards.

Individual QSAs, who perform PCI Data Security Assessments for merchants and service providers must be approved as a Qualified Security Assessor ("QSA") by the PCI SSC.

The PCI SSC defines the qualifications for QSAs and ASVs, as well as training, testing and certifying both. The PCI SSC Web sites, and the Visa and MasterCard Web sites, post the lists of qualified QSAs.

Suggested Links:

• https://www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdf
• http://usa.visa.com/merchants/risk_management/cisp_merchants.html?it=c|/merchants/risk_management/cisp_overview.html|Merchants
• https://www.pcisecuritystandards.org/pdfs/asv_report.html

                    

Print this page

Send this page to a friend

PCI DSS: 5 Guidelines for Gaining PCI Compliance Step 1: An Introduction to PCI Compliance PCI Compliance Introduction Who Put the DSS in PCI? Step 2: Finding The PCI DSS Merchant, Service and Compliance Level Should Your Organization be Concerned about PCI Compliance? PCI DSS: The Visa CISP Program MasterCard SDA Program Defining Merchant Validation Levels Level 4 Merchant Compliance Visa PCI CAP Program Defining Service Provider Validation Levels Acquirer Responsibility Calculating Merchant Transactions PCI DSS: Visa and MasterCard Quick Reference Guide Step 3: Attaining PCI DSS Compliance-Merchant Security Audits: 12 Requirements Build and Maintain a Secure Network Protect Cardholder Data Maintain a Vulnerability Management Program Implement Strong Access Control Measures Regularly Monitor and Test Networks Step 4: Finding a PCI DSS Approved Scanning Vendor (ASV) Do You Need an ASV? Merchant and Service Provider Scanning Requirements Compliance Reporting Visa and Compliance Reporting MasterCard and Compliance Reporting Step 5: Completing the PCI DSS Self Questionnaire Completing the PCI DSS Self Questionnaire PCI Compliance Polls Are you currently PCI Compliant? Yes No Working towards compliance Why are you looking at PCI Compliance Required By Credit Card Processor Required By Bank Want to meet industry standards Looking to secure network What merchant level do you fall under for PCI Compliance? Level 1 Level 2 Level 3 Level 4 I have no idea View PCI Merchant Level Results View All PCI Compliance Poll Results EV SSL Certificate Guide Sponsored Listing: