People are a critical part of keeping your payment data safe and secure. The PCI SSC provides training for merchants on payment data security essentials and resources for identifying and hiring qualified and trusted vendors and service providers that will help protect payment data.
People are your first line of defense.
The PCI SSC offers a range of training and certification programs to support your organization’s payment security efforts. Use this guide to help determine which training is right for you and your organization.
AwarenessBasic awareness training on the PCI Data Security Standard (PCI DSS) and how it can help your organization secure payment data.Read the course description
PCI Professional (PCIP)Training and qualification on implementing and maintaining PCI DSS to support ongoing security and compliance efforts. Read the course description
Internal Security Assessor (ISA)Training and qualification on assessing your organization's adherence to PCI DSS. Read the course description
To help you identify trusted partners who will prioritize payment data security, the PCI SSC maintains listings of trained and qualified companies for merchants. Refer to the descriptions below for more information and to access the PCI SSC listings.
Qualified Integrator & Reseller (QIR)QIRs are qualified by the PCI SSC to securely install payment applications on merchant payment systems.
Qualified Security Assessor (QSA)QSAs are qualified by the PCI SSC to perform on-site assessments of a merchant's PCI DSS compliance. 
Approved Scanning Vendor (ASV)ASVs are qualified by the PCI SSC to scan for vulnerabilities on merchant networks. 
PCI Forensic Investigator (PFI)PFIs are qualified by the PCI SSC to provide forensic investigation services to merchants if a payment data breach has occurred or is suspected.
View PFI listing
Merchants may also come into contact with a number of payment vendors or services providers that can impact the security of payment data and your business.
Secure E-commerce Service Providers
If you don’t already, consider using a PCI DSS compliant service provider to help you securely process your e-commerce payment transactions, and/or to manage your e-commerce website. Refer to the payment brand lists below as a resource.
MasterCard List of Compliant Service Providers
Visa Global Registry of Service Providers
Visa Europe Registered Member Agents
Use this guide to help identify other common type of payment vendors and service providers and what you should look for with each vendor.
Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.