The RSI Security site breaks down the measures in some depth, but the method in essence goes such as this: Formally attest your compliance. An AOC (attestation of compliance) is the shape you employ to signal that you simply’ve attained PCI DSS compliance. Ending your questionnaire without any “Completely wrong” https://www.nathanlabsadvisory.com/pci-3ds.html