DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FTC To Study Credit Card Industry Data Security Auditing

Posted on March 7, 2016 by Dissent

Note: The PCI DSS Council currently lists 346 qualified security assessors. It would be nice to know how the FTC picked the nine it’s questioning, and I’ve sent the FTC an inquiry about that. 

* * *

The Federal Trade Commission has issued orders to nine companies requiring them to provide the agency with information on how they conduct assessments of companies to measure their compliance with the Payment Card Industry Data Security Standards (PCI DSS).

PCI DSS audits are required by the major payment card issuing companies of retailers and other businesses that process more than 1 million card transactions in a given year, and are intended to ensure that companies are providing adequate protection to consumers’ sensitive personal information.

The nine companies receiving orders from the FTC are: Foresite MSP, LLC; Feed Maxick CPAs, P.C.; GuidePoint Security, LLC; Mandiant; NDB LLP; PricewaterhouseCoopers LLP; SecurityMetrics; Sword and Shield Enterprise Security, Inc.; and Verizon Enterprise Solutions (also known as CyberTrust).

The FTC is seeking details about the assessment process employed by the companies, including the ways assessors and companies they assess interact; copies of a limited set of example PCI DSS assessments, and information on additional services provided by the companies, including forensic audits.

Information collected by the FTC will be used to study the state of PCI DSS assessments.

The Commission is authorized to issue Orders to File a Special Report by Section 6(b) of the FTC Act.

The Commission vote to issue the orders was 4-0.

SOURCE: FTC

Related posts:

  • FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
Category: Commentaries and AnalysesOf Note

Post navigation

← Mounting phishing reports predict new tax refund fraud victims in 2016
Some previously unreported breaches →

1 thought on “FTC To Study Credit Card Industry Data Security Auditing”

  1. Anonymous says:
    March 7, 2016 at 7:35 pm

    I’d love to request a particular QSA’s reports be reviewed (done by a company above).

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.