Merchants that use Scottsdale, Ariz.-based security services provider Chief Security Officers (CSO) to validate their adherence with the Payment Card Industry Data Security Standard (PCI DSS) will have to find a new assessor.
The PCI Security Standards Council, the group responsible for managing payment security, last week revoked CSO's status as a Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA). CSO was removed from the Council's lists of approved service providers due to its "failure to satisfy the high standard set forth for QSAs and PA-QSAs," the PCI Council said in a statement released last week.
The PCI Council has not revealed why exactly CSO's credentials were revoked. CSO, meanwhile, did not respond to several interview requests made by SCMagazineUS.com.
"I can't comment on this situation, but suffice to say, the [quality assurance program] is working," Bob Russo, general manager of the PCI Council, told SCMagazineUS.com on Tuesday.[...]