What do I really have to do to become PCI DSS compliant?
Depending on the merchant level, the merchant will have to complete either an annual Self-Assessment Questionnaire (SAQ) or an annual on-site security audit.
For those who self-assess, we still recommend that merchants enlist the help of a Qualified Security Assessor (QSA), at least in the early stages, but this is not mandatory. On-site security audits have to be validated by a QSA. Barclaycard Data Security Manager is a service we have created to help our smaller merchants become PCI compliant.
In addition, if the merchant has an e-commerce presence, they may have to complete (and pass) quarterly Network Scans, which have to be validated by an Approved Scanning Vendor (ASV).
Some QSAs are also ASVs. Barclaycard Data Security Manager employs the services of Sysnet Global Solutions to provide QSA expertise and scanning services.
You can find a list of approved QSAs on the Visa site.
You can find a list of approved ASVs on the Visa site.