In my software we take credit card payments using both Stripe and Authroize.Net. One of the merchants that Authorize.Net connects to is asking for an Attestation of Compliance. I don’t have anything like this. Has anyone been asked for this before, what is it, and what does it mean?
It’s a simple work product of having gone through the PCI Self Assessment Questionnaire.
You can read more about it here:
Thanks for this, I think I found the form I need. Who did you submit the form to? I emailed PCI website and they said submit it to the merchant bank??
You don’t need to submit it anywhere specific. It’s more like documentation that you completed the (self assessed, in this case) process. You can provide it to whoever is asking you for it. Just make sure you’re actually in compliance as per the questionnaire applicable to you!
Take a look through this page that details the process: http://pcipolicyportal.com/saq-a-d/pci-saq-certification-process