Re: How does a customer get PCI audited?
From: amatachick () gmail com
Date: 3 Jun 2008 19:51:39 -0000

I'm actually at a conference right now with Gartner, and just this afternoon they brought up some interesting information on this that I wasn't aware of. In the past, a company has only been audited if they had a breach. This seems to be changing. According to the last survey Gartner had merchants fill out, 8% of merchants received an audit from Visa to make sure they were compliant even though they hadn't had a breach. Additionally, an attendee at the meeting spoke up to say that Discover had contacted his company to verify compliance as well. It seems that a shift is starting in the industry and credit card companies are becoming more proactive on this.

In the 8% of cases where companies were reviewed without a breach for cause, some fines were incurred from lack of PCI compliance. Fees ranged from $10,000 - $25,000 a month and there was also an increase in the interchange fee.

If you're a level 1 merchant or a service provider, you will need to have a Qualified assessor come out to assess you; that is a different thing than a "PCI audit", however. I assume you were not speaking about the assessment.