Frequently Asked Question

An assessor that is listed as a QSA for PCI DSS and QPA for PCI PIN on the PCI SSC website may be eligible to perform both types of assessments, subject to meeting the requirements of both programs. However, while PCI SSC manages the PCI security standards and assessor programs, PCI compliance programs and validation requirements are defined and managed by the individual payment card brands. We recommend you contact the payment brands directly to discuss their individual compliance rules, validation criteria and processes, etc. Contact information for the payment brands can be found in FAQ #1142 titled, "How do I contact the payment brands?" on the PCI SSC website at https://www.pcisecuritystandards.org/faqs.