PCI Report on Compliance and Visa

January 17, 2010

PCI Compliance Validation. European Payment Council (EPC).

Audits and Self-Assessments

Network Scans

Report on Compliance

Level 1–3 Merchants

Level 1 Merchants (via Acquirer)

On-site PCI data security assessment completed by QSA

Letter signed by a merchant officer

Confirmation of report accuracy form completed by QSA

Acquirer accepts ROC and submits confirmation ROC form and acceptance letter to Visa

Level 1, 2, and 3 Merchants

Acquirers responsible for ensuring quarterly network security scans for Level 1, 2, and 3 Merchants

Quarterly network security scans may be required of Level 4 Merchants as specified by their acquirers

Level 2 and Level 3 Merchants

Must complete the annual PCI self-assessment questionnaire

Level 4 Merchants may be required by their acquirers to complete the PCI self-assessment questionnaire

Service Providers

Level 1 and Level 2 Service Providers

Annual self-assessment questionnaire

Annual on-site PCI data security assessment

Supply to the acquirer, serving as a template for the ROC

Employ a QSA to complete the Report on Compliance

Level 1, 2, and 3 Service Providers

ASV performs a quarterly network scan on the Internet-facing network perimeter systems

Level 3 Service Providers

Complete the annual PCI self-assessment questionnaire
