You can’t make this up: FTC wants to know whether assessors are helping clients achieve PCI-DSS compliance

The FTC has questions about how PCI-DSS Qualified Security Assessors (QSAs) conduct their audits and recently ordered itself to study the issue. Merchants and service providers whose processing volume exceeds established volume thresholds are required to use a QSA to assess PCI compliance.  The FTC wants to know (among other things) whether QSAs are allowing clients to remedy potential PCI issues before their [...]