“Ask the QSA”
Question: Is there a PCI Compliance certificate that we need to ask vendors for?
Answer: There is no “certificate” for PCI compliance. You can ask for an AOC (Attestation of Compliance) which, properly completed, should assist you in knowing what PCI compliant services your vendor provides.
Knowing your service providers’ PCI DSS compliance status provides assurance and awareness about whether they comply with the same requirements that your organization is subject to. If the service provider offers a variety of services, this requirement should apply to those services delivered to the client, and those services in scope for the client’s PCI DSS assessment.
Subscribe to this blog for additional payment security tips.