What do I really have to do to become PCI DSS compliant?

Depending on their merchant level, a merchant will have to complete either an annual Self Assessment Questionnaire (SAQ) or an annual on-site security audit.

For those who self-assess, we still recommend that merchants enlist the help of a Qualified Security Assessor (QSA), at least in the early stages, but this is not mandatory. On-site security audits have to be validated by a QSA. Barclaycard Data Security Manager is a service we have created to help our smaller merchants become PCI compliant.

In addition, if the merchant has an e-commerce presence, they may have to complete (and pass) quarterly network scans, which have to be validated by an Approved Scanning Vendor (ASV).

Some QSAs are also ASVs. Barclaycard Data Security Manager employs the services of Sysnet Global Solutions to provide QSA expertise and scanning services.

You can find a list of approved QSAs on the Visa site.

You can find a list of approved ASVs on the Visa site.
