
01Oct, 2017

What is the PCI DSS Attestation of Compliance?

If your company handles credit card data electronically, it must attest annually that it complies with the PCI Data Security Standard. This involves delivering a package of two or three items:

  1. Self-Assessment Questionnaire
  2. Regular network or website scanning by an Approved Scanning Vendor (not required in some cases), and a Report on Compliance by a Qualified Security Assessor (only required for the very largest companies)
  3. Attestation of Compliance

There are 5 versions of the Attestation of Compliance, matching the 5 versions of the Self-Assessment Questionnaire. If you qualify to use version A of the Questionnaire, use version A of the Attestation, and so on.
