Frequently Asked Question

What is the involvement of the PCI SSC on the compliance validation processes for PCI DSS assessments and scan reports?

While the PCI Security Standards Council (PCI SSC) manages the security standards and provides training for security assessors, we do not enforce compliance or define validation reporting requirements. Compliance validation programs are maintained by the individual payment brands, including requirements on how and who needs to validate compliance. The PCI SSC recommends that entities contact their acquirer and/or the payment brands directly, as applicable, to understand their validation reporting requirements. Please contact the payment brands directly.
January 2013
Article Number: 1212

Featured FAQ Articles