Facebook Twitter Linked In
Panacea InfoSec

Validation on Demand

Love it or hate it, the payment industry standards provides very clear guidelines for assessing compliance. All enterprises with cardholder agreements are required to comply, and to do so, they must ensure that their service providers are also compliant. Clear enough?

Are You a Service Provider?

What is less clear, however, is the definition of a ‘service provider’. Certainly, any firm that stores, processes or transmits cardholder data (and is not a merchant) is a service provider. Increasingly, security-conscious enterprises are asking third parties that simply manage important controls to also pursue and validate compliance.

This new broader definition of a service provider is both good for the merchants and the service providers as it draws important business partners into discussions on security and raises the bar on transparency and communication.

How to Get Validated

If you are a Level 1 service provider, you need an independent assessment and Attestation of Compliance (AOC) to get listed by the major card brands as a validated service provider. Panacea InfoSec is the top independent consultant of service providers and our reports have always satisfied the requirements set forth by Visa and MasterCard.

If you are a  Level 2 service provider (that is, you process fewer than 200,000 transactions annually), you are also required to be fully compliant with the Payment Industires standards, but you have options regarding validation.

The fastest and easiest way may be to complete a Self Assessment Questionnaire (SAQ), either on your own or with the help of an outside assessor.  However, many service providers are now choosing to conduct external assessments so they can file an AOC and be listed by Visa and MasterCard.

Panacea InfoSec encourages you to pick the validation method that is most appropriate for your customers and is the best match for your in-house skill sets. Regardless of your choice, Panacea InfoSec can help.

Contact us