One exciting topic from our recent PCI Acquirer Forum conference call was the introduction of the optional-use Acquirer Review Checklist resource, developed by the Assessor Quality Management (AQM) team at the PCI Council. Here’s a quick look at what you need to know about this new resource and how to start using it in your organization.
The Acquirer Review Checklist resource provides standardized guidance to acquirers reviewing PCI DSS assessments for their merchant customers in support of on-going PCI Qualified Security Assessor (QSA) quality improvement efforts. While use of this resource is not required by the PCI Council, its content is based on the best practices and feedback contributed by numerous acquirer reviewers. Such calibrated acquirer reviews can increase the effectiveness of the acquirer’s review of assessor work products and empower acquirers in holding assessors accountable for consistency and accuracy.
Within the Acquirer Review Checklist resource, there are two review checklists – “Acquirer Checklist – Basic” and “Acquirer Checklist – Detailed” for the acquirer reviewer to choose from. Neither checklist should be considered all-inclusive, but both represent common areas of concern as identified by accepting entities. Both checklists tend to focus on binary responses – yes, no, n/a – and as such aren’t as time consuming as they might appear. Other content in this resource includes a checklist to evaluate the acquirer reviewer’s own training needs and supporting resource links.
Sounds great – so how can acquirers get access to the new Acquirer Review Checklist? With a just a few simple steps, you can download and begin using this resource today. Get started now!