PCI Compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing to provide services to Level 2 Merchants. Their packaged pricing includes fixed fee services to assist Level 2 Merchants in getting validated.
Well, news flash! Most QSAs provide their validation services on a fixed fee basis. Always have. For all levels of merchants.
Keep in mind, all levels of merchants need to comply to all the standards of the PCI Data Security Standard (now version 2.0) that apply to them. It’s not just the level 1’s. It’s all merchant levels, even the level 3’s and 4’s.
Any QSA (Qualified Security Assessor) worth their weight is going to approach each client individually, of course. Every client environment is a little bit different. As far as the services being provided on a fixed fee or hourly basis, if a QSA has done enough validations and has the experience level, they will know exactly how to price their services fairly and competitively.
Sr. Account Executive