Merchant Training & Trusted Partners

People are a critical part of keeping your payment data safe and secure. The PCI SSC provides training for merchants on payment data security essentials and resources for identifying and hiring qualified and trusted vendors and service providers that will help protect payment data.


People are your first line of defence.

Merchant Training

The PCI SSC offers a range of training and certification programs to support your organization’s payment security efforts. Use this guide to help determine which training is right for you and your organization.

Understand how PCI Standards can help protect cardholder data


Perform internal assessments for PCI compliance

Apply the PCI Standards to your organization and earn a renewable PCI credential

Trusted Partners

To help you identify trusted partners who will prioritize payment data security, the PCI SSC maintains listings of trained and qualified companies for merchants. Refer to the descriptions below for more information and to access the PCI SSC listings.

An ASV is an organization with a set of security services and tools (“ASV scan solution”) to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2.

PCI Forensic Investigator training is a two-part program. The first is a seven-hour prerequisite course and exam about PCI Fundamentals. It’s followed by an in-depth course that can be taken via online eLearning format and exam.

The Qualified Integrators and Resellers (QIR) Program outlines guiding principles and procedures for the secure installation and maintenance of payment applications in a merchant environment, in a manner that supports their PCI DSS compliance efforts.

Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.

Other Resources

Merchants may also come into contact with a number of payment vendors or services providers that can impact the security of payment data and your business.

Secure E-commerce Service Providers

If you don’t already, consider using a PCI DSS compliant service provider to help you securely process your e-commerce payment transactions, and/or to manage your e-commerce website. Refer to the payment brand lists below as a resource.

MasterCard List of Compliant Service Providers
Visa Global Registry of Service Providers
Visa Europe Registered Member Agents

Use this guide to help identify other common type of payment vendors and service providers and what you should look for with each vendor.