Apparently, a bad practice that started a number of years ago is appearing in other parts of the world. That practice is issuing PCI Compliance Certificates.
I wrote a post a number of years ago about this practice and provided the direct quote from the PCI SSC’s FAQ on the subject. If you need more proof, go to the PCI SSC Web site and click on FAQ and search for ‘PCI DSS Compliance Certificate’.
This is a marketing ploy and it needs to stop.
These certificates are not worth the paper they are printed on and anyone purporting them to have meaning is uninformed, or worse, lying.
If you encounter anyone who tells you such nonsense, I would highly recommend reporting them immediately to the PCI SSC – qsa AT pcisecuritystandards DOT org. Include their name and the name of their organization in your message.
UPDATE: Only a few minutes after I put up this post, I received just such a certificate from a major bank as proof that their business partner was PCI compliant. Unbelievable.