Optiv Cybersecurity Dictionary

What is a ROC - Report on Compliance for PCI?

The ROC form must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.


A Level 1 merchant is defined as one that processes over 6 million Visa transactions in a year. The ROC verifies that the audited merchant is compliant with the PCI DSS standard. PCI DSS was created as a collaborative effort of Visa, MasterCard, Discover and American Express. The ROC must be completed by a PCI Qualified Security Assessor (QSA) who has audited the merchant. The form is then submitted to the merchant's acquiring bank for acceptance. Once the merchant's acquiring bank has accepted the ROC, it sends the document on to Visa for compliance verification.

Contact Us