19 Jan What is a Qualified Security Assessor?
Qualified Security Assessors Work to Ensure the Safety of Your Credit Transactions
Globally, businesses lost $40 billion in expenses and fines due to credit card fraud between 2009 and 2013. If that trend continues, a conservative estimate puts losses for 2014 near $16 billion. In 2006, the major credit card brands American Express, Discover Financial Services, Japan Credit Bureau, MasterCard Worldwide and Visa International formed the Payment Card Industry Security Standards Council (PCI SSC) to manage security standards for the credit card payment environment. As part of this initiative, the PCI SSC grants companies and their qualified specialists the designation of Qualified Security Assessor (QSA) to aid in the evaluation and implementation of payment industry security standards.
QSA companies are IT security consultancies that the PCI SSC qualifies so that their staff may assess a business’s merchant accounts for compliance with the security standard. These companies specialize in business data security and management. QSAs are employees of these firms and are individually certified by the PCI SSC to confirm a business owner’s adherence to PCI standards. Keeping that certification requires ongoing training so that the consultant stays well-informed of changing industry standards and developments.
The first task of a QSA is to assess a business’s credit card processing system for PCI compliance. During the assessment, the QSA appraises the security of the merchant’s equipment and of its policies and procedures for managing card data. Next, the QSA evaluates the merchant’s rules and processes for alignment with PCI criteria. The consultant examines how the merchant handles sensitive information and what its ongoing security practices are. Based on these reviews, QSAs make recommendations to bring the merchant’s operations into compliance. These may include equipment upgrades, software upgrades or changes to data handling policy suited to the merchant’s business environment. It is the QSA’s duty to help merchants remedy the security vulnerabilities observed in their operation. Once the review is complete, the QSA forwards the findings to the merchant’s bank and credit processing services.
QSAs are vital to the survival of businesses that rely on credit card processing. Estimates show that 60 percent of businesses that fall victim to cyberattacks cease operation within six months. If a business’s merchant accounts are not compliant at the time of an attack, the business may be liable for up to $500,000 per security breach incident, $50,000 per day of non-compliance and $10 for each card compromised, and may have to refund consumers for any losses they incurred due to the attack. A proactive review of PCI compliance is expensive, but it is a fraction of the cost of falling victim to a cyberattack while not operating within PCI standards.