
PCI DSS QSA

What is a PCI QSA?

The Payment Card Industry Security Standards Council (PCI SSC) operates an exacting programme for security companies and their employees wishing to become Qualified Security Assessors (QSAs). Those who do qualify are then able to assess merchants for compliance against the “12 principles” of the Data Security Standard.

Any security company wishing to certify as a QSA company must ensure that they comply with the requirements of the PCI SSC.

Accumuli Security is proud to be a PCI QSA company.

Why should I use a QSA and when?

Any organisation, either Merchant or Service Provider, which stores, processes or transmits Cardholder Data (CHD) is required to comply with the PCI Data Security Standards (DSS). To help you do this, you can employ the services of a QSA company.

A merchant's acquiring bank will confirm the appropriate compliance level that needs to be adhered to, and any specific or additional requirements outlined by the Payment Brands.

Currently all Level 1 merchants, some Level 2 merchants and Level 1 service providers must have an on-site assessment carried out by a PCI qualified assessor on an annual basis, and provide a Report on Compliance to their acquiring bank.

How do I become compliant?

The process varies depending upon the systems used by the merchant, their allocated merchant level, their existing security posture and PCI compliance status.

Service Providers must complete their annual renewal process prior to the expiry of the current certification, or they will be removed from the list of Compliant Service Providers, which could result in a significant loss of revenue.

The requirements are very clear. A merchant or service provider cannot be partially compliant – they either are compliant or they are not. There is no middle ground.

As a PCI QSA company, we can help you ensure your compliance is never in question.
