title

If you are a merchant [ i.e. accept payment for good or services by card ] youl will fit within one of the four "Merchant Levels". Those are : Level 1, Level 2, Level 3, and Level 4.

If you are a processor [ i.e. process the card transaction on behalf of a merchant ] you will fit within one of the three "Processor Levels" and those are : Level 1, Level 2, and Level 3.

For both the merchant and processor alike, the level of compliance is dictated by the volume of transactions [ both as number and as value ] you accept or process every year. More than 90% of "merchant" entities out there would fit within the Merchant Level 4, compliance level. - In details documentation of all of those levels can be found on our Knowledgebase "PCI | DSS" section .

If you're just getting started with PCI compliance, you can find a wealth of information on the PCI Council website. For more information, download the PCI Council's Getting Started Guide and the Quick Reference Guide. In addition, you may wish to take advantage of complimentary webcasts and other educational tools offered by us. Webgo Network can also assist you via a Gap Analysis, ASV Managed Service or other PCI consulting engagement.

In their own alone, the straight answer is : NO. The only documentation recognized for PCI DSS validation are the official documents from the PCI SSC website. Any other form of certificate or documentation issued for the purposes of illustrating compliance to PCI DSS or any other PCI standard are not authorized or validated, and their use is not acceptable for evidencing compliance. The use of certificates or other non-authorized documentation to validate PCI DSS Requirement 12.8 and/or Requirement 12.9 is also not acceptable.

The PCI SSC website is the only source of official reporting templates and forms that are approved and accepted by all payment brands. These include Report on Compliance (ROC) templates, Attestations of Compliance (AOC), Self-Assessment Questionnaires (SAQ), and Attestations of Scan Compliance for ASV scans. Only these official documents and forms are acceptable for the purposes of compliance validation.

However : Because certificates and other non-authorized documentation are not officially recognized, entities that receive these documents to indicate their own compliance [ for example, from a QSA or ASV ] or another entity’s compliance [ for example, from a service provider ] should request that official PCI SSC documentation be provided. Any organization issuing, providing, or using certificates as an indication of compliance must also be able to provide the official documents to backup any compliance certification claims.

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem.