PCI Report on Compliance

All merchants and service providers who store, process, or transmit payment card information need to comply with the standards set by the Payment Card Industry. Credit card brands may enforce the terms of their contracts by imposing fines, restrictions, and/or sanctions against businesses that do not comply with the PCI DSS. Penalties for non-compliance are at the brand’s discretion and can serve as a substantial motivator for achieving compliance with the PCI DSS, especially because acquirers’ compliance relies fully on that of their merchants. Privity knows from experience that it is in merchants’ best interests to become fully compliant as soon as possible and to remain so. We will give you the tools to know what your requirements are and to fulfill them correctly and on time.

Organizations need to do a number of things to validate their PCI compliance. These tasks can range from quarterly scans conducted by Approved Scanning Vendors (ASV) and Self-Assessment Questionnaires (SAQ) to an on-site assessment called a Report on Compliance (ROC) that must be done annually. Acquirers often require merchants to submit regular reports demonstrating progress towards compliance, or an Attestation of Compliance, to help demonstrate merchants’ compliance to the brands and show the acquirers’ own due diligence.

Qualified Security Assessors (QSA) must validate PCI compliance for all merchant levels in Canada; all merchants therefore require a QSA to demonstrate compliance to the acquirers in order to avoid potential penalties or the irrevocable loss of business.