payment card industry compliance QSA

 

PCI compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing to provide services to Level 2 Merchants. Their packaged pricing includes fixed-fee services to assist Level 2 Merchants in getting validated.

Well, news flash! Most QSAs provide their validation services on a fixed-fee basis. Always have. For all levels of merchants.

Keep in mind, all levels of merchants need to comply with all the standards of the PCI Data Security Standard (now version 2.0) that apply to them. It’s not just the Level 1s. It’s all merchant levels, even the Level 3s and 4s.

Any QSA (Qualified Security Assessor) worth their weight is going to approach each client individually, of course. Every client environment is a little bit different. As for whether the services are provided on a fixed-fee or hourly basis, a QSA who has done enough validations and has the experience level will know exactly how to price their services fairly and competitively.

 

Nancy Sykora
Sr. Account Executive

 
