Site Data Protection and PCI


For Service Providers

Onsite Assessment

A detailed assessment performed by a PCI SSC certified Qualified Security Assessor (QSA). The assessment validates to the Acquirer that the organization is handling card data in accordance with the Payment Card Industry Data Security Standards (PCI DSS).

Applies to:Level 1 Service Providers

Self Assessment Questionnaire (SAQ)

Validation tool primarily used by merchants and service providers not required to undergo an onsite assessment in self evaluating their compliance with the PCI DSS

Applies to:Level 2 Service Providers

External Vulnerability Scan

Vulnerability Scanning performed by an PCI SSC Approved Scanning Vendor (ASV) of all Internet –facing system components that are a part of or provide a path to the cardholder data environment.

Applies to:  All Service Providers

PCI Education

Also of Interest