Choose Index below for a list of all words and phrases defined in this glossary.

Report on Compliance (ROC)

index | Index

Report on Compliance (ROC) - definition(s)

Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit. In general, a level 1 merchant is one who processes over 6 million Visa transactions in a year.

The ROC is used to verify that the merchant being audited is compliant with the PCI DSS standard. PCI DSS policies and procedures were developed to enhance the security of card-based transactions and protect cardholders against fraud and other misuses of their personal information. PCI DSS was created as a collaborative effort of Visa, MasterCard, Discover and American Express.

The ROC must be filled out by the PCI Qualified Security Assessor (QSA) who has audited the merchant. The form is then submitted to the merchant's acquiring bank for acceptance. Once the merchant's acquiring bank has accepted the ROC, it sends the document on to Visa for compliance verification.

Related glossary terms: RSA algorithm, data key, greynet (or graynet), spam cocktail (or anti-spam cocktail), fingerscanning (fingerprint scanning), munging, insider threat, authentication server, defense in depth, nonrepudiation / non-repudiation

[Category=Data Management ]

Source:, 06 September 2013 08:49:38, External

Data Quality Glossary.  A free resource from GRC Data Intelligence. For comments, questions or feedback: