PCI DSS 2.0 - Steps to Compliance
Validation of PCI DSS compliance is performed annually either internally or externally, depending on the volume of payment card transactions the business is handling. Businesses handling large volumes of transactions must have their compliance assessed by a Qualified Security Assessor (QSA), while companies handling smaller card transaction volumes can do PCI self-certification via a Self-Assessment Questionnaire (SAQ).
These are the broad steps required to become PCI DSS compliant:
1. Complete the PCI Self-Assessment Questionnaire (SAQ) according to the information contained in the Self-Assessment Questionnaire Instructions and Guidelines document.
2. Complete a successful network vulnerability scan with a PCI DSS Approved Scanning Vendor (ASV), and submit a Network Scan Report showing evidence of a passing scan from the ASV.
3. Complete the relevant Attestation of Compliance document.
4. Submit the SAQ document, Attestation of Compliance document and Network Scan Report (and any other requested documentation) to your merchant bank.