PCI Council revokes company’s QSA status

Merchants that use Scottsdale, Ariz.-based security services provider Chief Security Officers (CSO) to validate their adherence with the Payment Card Industry Data Security Standard (PCI DSS) will have to find a new assessor.

The PCI Security Standards Council, the group responsible for managing payment security, last week revoked CSO’s status as a Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA). CSO was removed from the Council’s lists of approved service providers due to its “failure to satisfy the high standard set forth for QSAs and PA-QSAs,” the PCI Council said in a statement released last week.

The PCI Council has not revealed why exactly CSO’s credentials were revoked. CSO, meanwhile, did not respond to several interview requests made by SCMagazineUS.com.

“I can’t comment on this situation, but suffice to say, the [quality assurance program] is working,” Bob Russo, general manager of the PCI Council, told SCMagazineUS.com on Tuesday.

The Council’s quality assurance program, implemented in 2008, requires each QSA to undergo a “rigorous” yearly or bi-yearly assessment designed to ensure it is providing merchants with quality, ethical validation services, Russo said. As part of this process, QSAs must submit redacted compliance reports to the Council for review.   Read More