Site Data Protection and PCI

Advancing 
Awareness

Understand the Validation Requirements for Merchants


Onsite or Self Assessment

A detailed assessment performed by a PCI SSC certified Qualified Security Assessor (QSA) or by a certified Internal Security Assessor (ISA). The assessment validates to the Acquirer that the organization is handling card data in accordance with the Payment Card Industry Data Security Standards (PCI DSS).

Applies to:Level 1 & 2 Merchants

Self Assessment Questionnaire (SAQ)

Validation tool primarily used by merchants and service providers not required to undergo an onsite assessment in self evaluating their compliance with the PCI DSS

Applies to:Levels 2, 3 & 4 Merchants

External Vulnerability Scan

Vulnerability Scanning performed by an PCI SSC Approved Scanning Vendor (ASV) of all Internet –facing system components that are a part of or provide a path to the cardholder data environment.

Applies to:All Merchants (as applicable)



PCI Education

Also of Interest