What is PCI?
"PCI" simply stands for Payment Card Industry. This industry includes all the various organizations responsible for storing, transmitting and/or processing card and cardholder data for both debit and credit cards. It is directed by the PCI Council, which is composed of the major card brands. They set security standards for all businesses that accept, process, create or transfer credit card information (including virtual cards). You need to be PCI Compliant to do business through Availability Exchange Gateway.
What is an Attestation of Compliance (AoC)?
A PCI Attestation of Compliance is an official document from the PCI Council that attests an organization's compliance status. It serves as evidence that an organization upholds security best practices to protect and secure sensitive data, primarily credit card data.
How do I get an AoC?
If you do not have an AoC completed by a Qualified Security Assessor (QSA), you may obtain a self-assessment AoC as follows:
1) Complete one of the official questionnaires (probably a SAQ-D: https://www.pcisecuritystandards.org/pci_security/completing_self_assessment). Note that this document is generally a private, confidential document for your own use, not one to share with third parties
2) Go to https://www.pcisecuritystandards.org/document_library and select "SAQS" from the "filter by" menu.
3) Pick the AoC for whichever SAQ questionnaire you completed and send it to us as your self-attestation.