Skip to content Skip to navigation

Guidelines for Evaluating and Qualifying a Payment Application Provider

  1. The company must provide a current Attestation of Compliance (AOC) and Report on Compliance (ROC) for verification of PCI DSS compliance.
  2. If Stanford has to pay a software license fee for the payment application, then the solution needs to be PA-DSS compliant. The company must provide a current Attestation of Validation (AOV) and Report on Validation (ROV).
  3. It is highly recommended that the company be listed in the Visa Global Registry of Service Providers and/or the MasterCard PCI Compliant Service Providers.