Can someone please tell me what exactly banks are required to do for PCI compliance? Our bank offers credit cards, debit cards, cash advances, ATMs, and accepts payments using credit/debit cards for various fees throughout the bank. Do these activities render us both a merchant and a servicer and do we have to complete both self-assessments?

I can't seem to find anyone who really has a handle on what to do with the self-assessments. Any guidance would be greatly appreciated.

I am working on this currently.

My understandig is we have to complete the SAQ-D unless VISA tells us we have to perform a ROC.

What I can't locate is if I have until 12/31/15 to complete the SAQ-D. Once I complete it, what do I do with it? Submit the finidngs to anyone or just have for our IT audit

Then annually thereafter.

Anyone?

If anyone has information on when to complete the SAQ-D, I appreciate it.
I have looked all through the website but the only guidance I find is the document. I don't see where it says by when and what to do with it once its completed.