Frequently Asked Question

What type of assessor signatures are allowable for PCI SSC attestation documentation?

Attestation documents, including AOCs, AOVs, and program-related attestations, that are provided by the PCI SSC require an assessor's signature.  The assessor's signature signifies the individual has knowledge, approval, and acceptance of the document?s contents.  The signature should guarantee non-repudiation.  Acceptable forms of signature currently are wet signature (performed with ink) or PCI SSC-accepted electronic/digital signature (cryptographically protected, such as under the US Federal ESIGN Act, the Uniform Electronic Transactions Act (UETA), or European Union Regulation NO 910/2014 on Electronic Identification, Authentication and Trust Services (eIDAS)).

Please note the payment brands themselves manage their own associated compliance programs and may have their own mandates for what types of signatures they will accept. For information please contact the payment brands directly. Contact details for the payment brands can be found in FAQ #1142 How do I contact the payment card brands?

 
Originally published: June 2020
Article Number: 1481

Featured FAQ Articles