Security Basics mailing list archives
Re: How does a customer get PCI audited?
From: amatachick () gmail com
Date: 3 Jun 2008 19:51:39 -0000
Scott, I'm actually at a conference right now with Gartner, and just this afternoon they brought up some interesting information on this that I wasn't aware of. In the past, a company has only been audited if they had a breach. This seems to be changing. According to the last survey Gartner had merchants fill out, 8% of merchants received an audit from Visa to make sure they were compliant even though they hadn't had a breach. Additionally, an attendee at the meeting spoke up to say that Discover had contacted his company to verify compliance as well. It seems that a shift is starting in the industry and credit card companies are becoming more proactive on this.

In the 8% of cases where companies were reviewed without a breach for cause, some fines were incurred from lack of PCI compliance. Fees ranged from $10,000 - $25,000 a month, and there was also an increase in the interchange fee.

If you're a level 1 merchant or a service provider, you will need to have a Qualified assessor come out to assess you; that is a different thing than a "PCI audit", however. I assume you were not speaking about the assessment.