Third party contract reviews

If third parties and/or Service Providers are involved in the storing, processing or transmission of Cardholder Data, or in the management of systems and security controls that have a direct impact on Cardholder Data security, it is important that Contractual Liability has been clearly defined and that each party is fully aware of its responsibilities for the security of Cardholder Data.

In the Retail Sector, long-standing contracts are not uncommon, and full or partial outsourcing of payment processing is a typical challenge that Qualified Security Assessors should deal with.

It should no longer be acceptable to accept a third-party ‘PCI Certification’ as a means of proving that Service Providers and Third Parties are compliant.

It is ESSENTIAL that Contracts are in place to ensure liability for a breach caused by any Third Party does not pass to the Merchant.

Blackfoot has considerable experience dealing with Contracts and what variations are required to ensure that Merchants do not end up paying for a breach.