Framework Guidance

Information on various compliance frameworks and their requirements.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. PCI DSS applies to merchants and service providers, and attestation can be made either through self-assessment or a third-party audit by a Qualified Security Assessor (QSA) firm.

Specifically, PCI DSS applies to any merchant or service provider that stores, processes, transmits, or can impact the security of cardholder data (CD).

PCI assessments evaluate the environment over the previous year, and the PCI Attestation of Compliance (AoC) is valid for one year. A PCI AoC should be renewed annually.

The PCI report is used to verify that you are compliant with the Payment Card Industry Data Security Standard (PCI DSS).

As a merchant, your acquiring bank, payment processor, or other service providers that you use in the card transaction process may request this verification.

As a service provider, if you handle cardholder data (CD), your customers may request this verification.
