Links

PCI DSS Validation

The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that all companies that accept, process, store or transmit payment information maintain a secure environment. The PCI DSS applies to any organization, regardless of size or number of transactions, that accepts, transmits or stores any payment data, such as payment processors, acquirers, issuers, and service providers.
Using the Forward Proxy allows you to distribute sensitive payment data freely across PCI-compliant endpoints (Receivers). In order to ensure that you only share payment data with compliant and trustworthy Receivers, we help you to validate the compliance status of the respectively third-party Receiver to ensure continued protection of your customers' payment data.
PCI DSS Level 1 Service Provider (Onsite-Assessment)
PCI DSS Level 2 Service Provider (Self-Assessment)
Stores, processes, or transmits more than 300,000 credit card transactions annually
Stores, processes, or transmits less than 300,000 credit card transactions annually

Validation for Level 1 Service Providers

Level 1 Service Provider must complete an annual Onsite Assessment conducted by a PCI SSC certified Qualified Security Assessor (QSA) or Internal Security Assessor (ISA).
Please obtain the document stated below:
  1. 1.
    Request a signed copy of the Attestation of Compliance (AOC) for Onsite Assessments.
  2. 2.
    Provide a copy of the AOC to [email protected]
  3. 3.
    You will be notified once the AoC is approved.

Validation for Level 2 Service Providers

Level 2 Service Provider must complete an annual self-assessment with Self-Assessment Questionnaire D.
Please obtain the documents stated below:
  1. 1.
    Request a signed copy of the Attestation of Compliance (AOC) for Self-Assessment Questionnaire D.
  2. 2.
    To obtain an additional measure of assurance, obtain a written and signed acknowledgment about the responsibility for the security of cardholder data with your Receiver (please refer to PCI DSS requirement 12.8.2, 12.9). Please contact your Technical Account Manager at PCI Proxy for an example Letter of Acknowledgment.
  3. 3.
    Provide a copy of the AOC and Letter of Acknowledgment to [email protected]
  4. 4.
    You will be notified once the documents are approved.
Please note that the only documentation recognized for PCI DSS validation are the official documents from the PCI SSC website. Any other form of certificate or documentation issued for the purposes of illustrating compliance to PCI DSS or any other PCI standard are not authorized or validated, and their use is not acceptable for evidencing compliance. The use of certificates or other non-authorized documentation to validate PCI DSS Requirement 12.8 and/or Requirement 12.9 is also not acceptable.

PCI DSS Glossary

Acronym
Definition
Further information
PCI SSC
Payment Card Industry Security Standards Council
PCI DSS
Payment Card Industry Data Security Standard
AOC
Attestation of Compliance
AOC for onsite assessments: AOC-ServiceProviders.docx
SAQ-D
Self-Assessment Questionnaire type D -
Reporting tool used to document self-assessment results from an entity’s PCI DSS assessment.
QSA
Qualified Security Assessor -
QSAs are qualified by PCI SSC to perform PCI DSS on-site assessments.
ISA
Internal Security Assessor - professionals of qualifying organizations which received PCI DSS training and certification that will improve the organization's understanding of the PCI DSS