Guidelines for Evaluating and Qualifying a Payment Application Provider
- The company must provide a current Attestation of Compliance (AOC) and Report on Compliance (ROC) for verification of PCI DSS compliance.
- If Stanford has to pay a software license fee for the payment application, then the solution needs to be PA-DSS compliant. The company must provide a current Attestation of Validation (AOV) and Report on Validation (ROV).
- It is highly recommended that the company be listed in the Visa Global Registry of Service Providers and/or the MasterCard PCI Compliant Service Providers.