The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI DSS applies to any organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data, such as payment processors, acquirers, issuers, and service providers.
PCI Proxy’s Forward API allows you to distribute and share credit card data freely across PCI compliant level 1 and level 2 third-party service providers (Receivers). In order to ensure that you only share credit card data with compliant and trustworthy receivers, we have to validate the compliance status of the respectively third-party receiver to ensure continued protection of your customers credit card data.
Stores, processes, or transmits more than 300,000 credit card transactions annually
Stores, processes, or transmits less than 300,000 credit card transactions annually
1) Request a signed copy of the Attestation of Compliance (AOC) for onsite assessments.
2) Provide a copy of the AOC to firstname.lastname@example.org
3) You will be notified once the AOC is approved.
1) Request a signed copy of the Attestation of Compliance (AOC) for Self-Assessment Questionnaire D Service Provider
2) To obtain an additional measure of assurance, obtain a written and signed acknowledgement about the responsibility for the security of cardholder data with your third party receiver. Please contact your account manager at PCI Proxy for an example Letter of Acknowledgment (PCI DSS requirement 12.8.2 and 12.9).
3) Provide a copy of all documents to email@example.com
4) You will be notified once the AOC is approved.
Payment Card Industry Security Standards Council
Payment Card Industry Data Security Standard
Attestation of Compliance
AOC for onsite assessments: AOC-ServiceProviders.docx
Self-Assessment Questionnaire type D -
Reporting tool used to document self-assessment results from an entity’s PCI DSS assessment.
Qualified Security Assessor -
QSAs are qualified by PCI SSC to perform PCI DSS on-site assessments.
Internal Security Assessor - professionals of qualifying organizations which received PCI DSS training and certification that will improve the organization's understanding of the PCI DSS