What information should be sought from service providers to validate their PCI DSS compliance?

Note: This post considers only Level 1 service providers.

As part of due diligence, or of a Request for Proposal / Request for Information, a client should verify its merchant or service provider's PCI DSS compliance before entering into business with them, and should repeat the check as an ongoing activity once the partnership exists. The documents listed below give a reasonable level of assurance that the service provider is compliant with the PCI DSS standard.

You can also check the Visa and MasterCard service provider listings to verify a provider's current compliance status:

  1. VISA Service Provider Listing: http://www.visa.com/splisting/searchGrsp.do
  2. MasterCard Compliant Service Provider List: http://www.mastercard.com/us/company/en/whatwedo/compliant_providers.html

Which documents should be obtained from a Level 1 service provider / merchant to verify its PCI DSS compliance?

High-level documents:

  1. CoC (“Certificate of Compliance”): a certificate issued by a PCI QSA company to a service provider after the QSA has validated the provider's PCI DSS compliance. It gives you assurance that the service provider underwent a PCI DSS assessment for the year stated on the certificate and was found compliant with the standard. In addition to the certificate, payment-processing web sites (e-commerce sites in particular) may also display a digital seal issued by the QSA company, showing the start and expiry dates of the PCI DSS compliance. Level 1 merchants and service providers are required to validate their compliance annually through an assessment by a PCI QSA (or, where the card brand's program permits it, by an ISA). One caveat when relying on a certificate or seal: the PCI Security Standards Council itself does not issue or recognise “certificates of compliance”; the formal record of a validated assessment is the Attestation of Compliance (AOC) together with the underlying Report on Compliance (ROC). Treat a certificate as a pointer to that assessment and ask for the AOC to confirm the assessment date, the QSA, and the scope of services actually covered.
