Nov 12 2008
Double-check your QSA
I’m not sure if this is something I’d missed before, but you can look up your Qualified Security Assessor (QSA) and see if they’re in good standing. All you need is their last name and the name of their company and you can know for certain that they’re on the up and up and have had their annual training. This is something you should take the five minutes to do to check out the QSAs who’ll be working with you. I don’t have specific examples, but I’ve heard rumors that there are some folks out there representing themselves to Level 3 and Level 4 merchants as QSAs when they’re not. Take the 5 minutes to verify your assessor; you owe it to yourself.
POST /qsa_lookup/index.html HTTP/1.1
Host: http://www.pcisecuritystandards.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.pcisecuritystandards.org/qsa_lookup/index.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
run=2&hash2=&name=%3Ciframe%3E&cert=&cmpy=-1