A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS). During the assessment, a PCI Qualified Security Assessor (QSA) determines whether the business has met the PCI DSS 12 requirements, either directly or through a compensating control.

All major credit card companies require their merchants and service providers who store, process or transmit cardholder data to comply with PCI DSS. Those who process over 6 million Visa transactions a year (and are therefore Level 1 merchants) must undergo a PCI assessment performed by a QSA. The QSA completes a Report on Compliance (ROC) that verifies the business' PCI DSS compliance. The ROC is sent to the business' acquiring bank, which then sends it to the appropriate credit card company for verification.

24 Apr 2012