Who's Your Security Guard
Although ISOs are responsible for ensuring that the merchants they serve process transactions securely and adhere to the Payment Card Industry Data Security Standard (PCI DSS), most need to partner with a security consultant to help them do so. But not all consultants are created equal, and a strategic approach to finding and hiring the right partner is critical to achieving the best results.
ISOs can start by looking at the specific requirements for hiring a security consultant as well as the benefits of doing so. On the PCI DSS compliance front, Level 1 merchants and Level 1 and Level 2 service providers must use a certified Qualified Security Assessor (QSA) to conduct their annual on-site data security assessments. Internal audit groups can perform on-site assessments, but an officer of the company must sign off on the results. Level 2, Level 3, and Level 4 merchants, as well as Level 3 service providers, can use the PCI Self-Assessment Questionnaire (SAQ) to self-certify.