Visa and Compliance Reporting
Level 1 Merchants
According to the Visa Web site, the template for the Report on Compliance is the actual Annual On-Site PCI Data Security Assessment document.
Level 1 merchants need a Qualified Security Assessor (QSA) to complete the Report on Compliance and present it to the merchant/service provider's acquirer.
A merchant's acquirer may choose to accept the Report on Compliance from a Level 1 merchant, accompanied by a letter signed by a merchant officer within the organization. Level 1 merchants must also submit the Confirmation of Report Accuracy form completed by their QSA to their acquirers.
Once the acquirer has received and accepted the merchant's validation documentation, it must submit the Confirmation of Report Accuracy form and a letter accepting the merchant's full compliance validation to Visa.
Level 1, 2 and 3 Merchants
According to the Visa Web site, acquirers are responsible for ensuring that the quarterly network security scans required of their Level 1, 2, and 3 merchants are performed by an Approved Scanning Vendor (ASV). The Quarterly Network Security Scan may be required of Level 4 merchants as specified by their acquirer.
Level 2 and Level 3 Merchants
Level 2 and 3 merchants must complete the Annual PCI Self-Assessment Questionnaire. Level 4 merchants may be required to complete the PCI Self-Assessment Questionnaire as specified by their acquirer.
Level 1 and Level 2 Service Providers
Level 1 and 2 service providers must complete the Annual Self-Assessment Questionnaire and Annual On-Site PCI Data Security Assessment. The results from both must be supplied to the acquirer, and the documents may serve as the template for the Report on Compliance.
Level 1 and 2 service providers must employ a QSA to complete the Report on Compliance.
Level 1, 2 and 3 Service Providers
Level 1, 2, and 3 service providers are accountable for ensuring that an ASV performs a quarterly network scan on the Internet-facing network perimeter systems.
Level 3 Service Providers
Level 3 service providers must complete the Annual PCI Self-Assessment Questionnaire.