From the course: Safeguarding Customer Credit Card Data: PCI Compliance


Reporting levels and becoming compliant


- Merchants are classified by the card brand or their acquiring bank, typically based on annual transaction levels of card-present or card-not-present purchases. Transaction levels can be viewed collectively for organizations associated with a parent brand and are entirely at the discretion of the acquiring bank. The levels go from level four, the smallest merchants at fewer than 20,000 transactions per year, to level one, the largest at over six million per year. Based on their level, merchants are required to complete either a report on compliance (ROC) or a self-assessment questionnaire (SAQ). Once these are done, an attestation of compliance (AOC) is signed by an executive of the organization. Documentation can be completed by a third-party qualified security assessor (QSA) or by an in-house, PCI-certified internal security assessor (ISA). The annual reporting requirements are different for each merchant…
