Introduction
Your merchant acquiring (MA) bank or security assessor may require you to provide evidence of Payment Card Industry (PCI) Compliance for Cybersource. You can fulfill this requirement by presenting either the Attestation of Compliance (AoC) or the SSAE 18 report (also referred to as the SOC-1 report; previously known as SSAE 16).
If you have questions regarding PCI compliance, contact your Merchant Services Provider (MSP). If Cybersource is your MA, contact CyberSource’s assessor, Trustwave, at 1-800-213-8918.
Procedure Overview
1. Obtaining the Attestation of Compliance (AoC)
You can obtain the AoC for CyberSource using one of the following options:
- Option 1: Visit the AoC page for CyberSource on the Visa Global Registry of Service Providers.
- Option 2: If the direct link does not work:
- Visit the Search Service Providers page.
- Under Find a Service Provider, enter “CyberSource” as the Company Name.
- From the search results, select CyberSource (including Authorize.Net, Managed Hosting, and K.K.).
2. Obtaining the SSAE 18 (SOC-1) Report
If you require additional details of CyberSource compliance, submit a Support Case requesting a copy of the SSAE 18 report. In your request, include the following information:
| Required Information | Details |
|---|---|
| Name and Title | Must be someone with the title of Senior Manager or higher |
| Email Address | Of the individual named above |
| Physical Mailing Address | PO Box is not accepted |
| Phone Number | Contact number for the requestor |