
Who Does A Better Job Auditing PCI?


The motivation behind MasterCard’s QSA mandate was almost certainly driven by some pretty shoddy self-assessments by some name-brand companies. After all, just because a company has a brand name, doesn’t mean its senior management believes all the consultant hype that you have to spend money on data security to protect your brand by avoiding a security breach. But my experience with Internal Audit departments tells me that once that department agrees to take on PCI compliance assessments, they spend more time, effort and money on assessments and generally do a better job than most QSAs. Why? Cost is a huge factor in QSA selection, so QSAs often have to minimize the assessment scope in order to win business. I know many QSAs who are thoroughly ticked off that some of their clients would prefer a less-than-thorough assessment. Many merchants like QSAs who are “easy graders,” which is not a shock. But these same “cheap ass” (to quote one notable QSA) managers have a hard time sitting acro


Experts123