How to Validate PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of baseline security standards designed to reduce the risk of theft of, and fraud involving, customers' sensitive credit and debit card data.
All businesses that accept credit and debit cards must be able to prove that they are in compliance with PCI DSS. This validation consists of the following steps:
1. Complete a Self-Assessment Questionnaire (SAQ) -- There are multiple versions of the PCI DSS SAQ, each designed for a different business scenario. Visit https://www.pcisecuritystandards.org/merchants/self_assessment_form.php for an overview of the SAQs and guidance on choosing the right one for your business.
2. Perform network vulnerability scanning -- This step may also be required, depending on how you process payments and the type of Internet connection you use. If it is required, the scanning must be performed by an Approved Scanning Vendor (ASV). Visit https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml for a complete list of ASVs.
Performing these two steps helps determine whether there are weaknesses or vulnerabilities in your payment system or network. Any weaknesses or vulnerabilities that are discovered must be resolved before your business can receive PCI DSS certification.