Third QSA firm placed in remediation by PCI SSC

Article

Third QSA firm placed in remediation by PCI SSC

The PCI Security Standards Council has placed a third Quality Security Assessment firm in remediation for violating QSA Validation Requirements. 

SearchSecurity.com:

To get security news and tips delivered to your inbox, 

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

click here to sign up for our free newsletter.

SecurityMetrics, based in Orem, Utah, was placed on the short list of violators. The company's website touts "a comprehensive set of automated, on-line security services and hardware devices to help Internet connected businesses detect and repair security problems at reasonable prices."

SecurityMetrics could not be reached for comment Tuesday morning. The company touts a three step PCI audit that includes a gap analysis, consulting services and finally an onsite audit for PCI compliance validation. The firm is also certified to conduct Payment Application Data Security Standard (PA-DSS) evaluations. Its other services include onsite computer inspections and internal network vulnerability assessments. The company also sells an appliance that provides intrusion detection and prevention.

Two other firms have been penalized as a result of the PCI Council's quality assurance program, which assesses PCI assessment documents provided by the QSA firm. San Jose, Calif.-based Payment Software Company LLC (PSC) and Frederick, Md.-based Fortrex Technologies Inc. were placed in remediation status. When reached for comment, representatives from both firms said they were addressing issues discovered during the review process. 

The PCI SSC's quality assurance program was started in September as a result of mounting complaints from merchants about the quality of their compliance reviews. While the program reviews QSA firms at random, based on the number of assessments conducted, a firm that receives negative feedback from merchants is flagged for review, Bob Russo, general manager of the PCI Council said recently. QSA firms that are placed in remediation could have their certification revoked if they do not address the issues identified by the council.