What is the normal process for submitting a SAQ (or at least an Attestation of Compliance) to a merchant bank? Our payment processor/merchant bank (this company has an arrangement to do both) recently contacted us about PCI compliance. They 'suggested' we use TrustWave. However, I was given the option of having a PCI vulnerability scan done by an independent ASV if I'd like. I went the independent route and we've passed the PCI scans and I've completed the questionnaire. Now, the payment processor/merchant bank states we shouldn't send them the SAQ. The compliance officer is stating that the ASV (or a QSA) should evaluate the SAQ and send us a certificate of compliance to give the the payment processor/merchant bank. The payment processor's compliance officer is also inferring that since we didn't go with TrustWave, this person is unable to tell us exactly what we are supposed to do. What the normal procedure for submitting a SAQ (or do you even submit it at all)?

Note: We are a level 3 merchant and we are filling out SAQ D.

Your organization must be located in Canada as Visa Canada is the only one requiring a QSA to review all SAQs before they are submitted.

The QSA will ask for your SAQ and all supporting documentation. If all of your paperwork supports your findings in the SAQ, the QSA will 'co-sign' your SAQ and Attestation of Compliance form and then you will submit the package to your acquiring bank.

For all other locations around the world, you just submit your SAQ and Attestation of Compliance to your acquiring bank without the QSA review and sign off.

Give more details please?
Thanks for the nice collection of this posts.!!!
This is really good information....
Good luck!

I sent the SAQ form of on 29th of October before the 31st dealine and sent of the essays required on the 5th of November before the 7th deadline. I phoned them on the 8th and they have recieved everything.