Frequently Asked Question
Is the PCI DSS Attestation of Compliance intended to be shared?
Yes. The PCI DSS Attestation of Compliance is intended to be shared externally to requesting entities, according to applicable Participating Payment Brand rules and as noted in the Qualified Security Assessor Program Guide.
Entities should contact the payment brands directly for information about their compliance programs and reporting requirements. Contact details for the payment brands can be found in FAQ 1142: How do I contact the payment card brands?