What are the steps?
1. Become familiar with PCI Security Standards.
Visa recommends that all organizations participating in the Visa system become thoroughly familiar with PCI Security Standards. All organizations processing, transmitting or storing cardholder or transaction information are required to comply with these standards. You will find all related documentation, including a Self-Assessment Questionnaire, in the Downloads section.
2. Contact your Acquirer Bank
The institutions that maintain a direct relationship with Visa (typically Member Banks and processors) have received precise instructions regarding the AIS program. Merchants and service providers should contact their bank to receive instructions regarding:
- What are the requirements to validate compliance by your organization in accordance with the Visa LAC AIS Program?
- What are the deadlines set by Visa for compliance with AIS Program requirements?
- What are the benefits and penalties of the AIS program?
3. Provide proof of compliance upon request
As a result of compliance validation requirements established by the AIS Program and the risk level represented by your organization, your Acquirer may contact merchants and service providers to request "Proof of Compliance" with PCI Security Standards.
Compliance validation requirements may include:
- On-site audits by independent qualified security assessor (QSA)
- Quarterly network scans
- Completing of a self-Assessment Questionnaire