
Q&A Forum

Do you have to have a third party audit in order to be considered "PCI compliant"?

Answers

Mark Richards
Title: President
Company: KalioTek

Not everyone accepting payment cards is required to have an onsite third-party audit. At present, only level 1 merchants and service providers (over 6M payment card transactions per year) are required to have an onsite audit from a PCI-certified Qualified Security Assessor (QSA). Individual card brands (MasterCard, Visa...) or your acquiring bank may make a specific request for you to have an onsite audit even at lower transaction levels. For example, MasterCard will require Level 2 merchants (between 1M and 6M transactions/year) to have onsite audits in the future. Check with your acquiring bank to confirm.

All others are required to complete a Self Assessment Questionnaire (SAQ) and submit an Attestation of Compliance. Four different questionnaires apply to different types of businesses. Most companies that take transactions over the internet are required to submit a Type D. This is the most extensive of the four, and covers all the same questions that an onsite assessment would entail.

If you are not fully confident of your status or the meaning of the requirements, you may want to engage a security consultant to help with the self-assessment. This is typically much less expensive than a formal onsite audit and can help you avoid costly consequences in the event of a security breach.

Here are a few links to the Payment Card Industry (PCI) organization web site with the official requirements and materials.

Self Assessment Questionnaire
https://www.pcisecuritystandards.org/saq/instructions_dss.shtml#instructions

Quick Reference Guide
https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
