The PCI Security Standards Council has launched a programme to ensure that the companies that assist retailers in meeting the PCI data security standard are up to scratch.
Qualified security assessors (QSAs) and approved scanning vendors (ASVs) are already vetted by the council and must complete training to gain their status.
The quality assurance programme will ensure that both QSAs and ASVs provide consistent and high-quality assessment and validation services to retailers, which must work with these organisations in order to prove to their acquiring banks that they are compliant with the standard.
PCI Security Standards Council general manager Bob Russo said that retailers raise concerns about whether QSAs and ASVs are up to speed, so this should give peace of mind.
He added that both types of organisation should be documenting their procedures and the programme will check this regularly, as well as allowing the council to make enquiries if necessary.
Russo said that the programme should not add to retailers’ compliance costs.
1 Reader's comment