In the PCI context, what's the difference between a ROC and an AOC? Tell us what you think!
Learn the answer to this question and more in Nathan Sweaney's upcoming Pay-What-You-Can class, “PCI 101,” on June 6! Details and registration: https://cvent.me/KnXMoB?RefId=Q%3F_MD

Alright, folks, what was your answer to this PCI question? Here's Nathan Sweaney's answer! ↓
The Report on Compliance (ROC) is filled out and signed by a QSA who validates the organization's PCI compliance. It is usually only required for Level 1 merchants, and occasionally some smaller merchants, and must be submitted to the merchant's acquiring bank. The Attestation of Compliance (AOC) is a similar document used by smaller merchants that can be used to summarize the status of the Self-Assessment Questionnaire (SAQ). It is usually not signed by a QSA or required to be submitted.

Join Nathan on June 6, 12-4 p.m. ET, for his Pay-What-You-Can class, "PCI 101"! Register here: https://cvent.me/KnXMoB?RefId=Q%3F_MD