WASHINGTON (3/9/16)--Nine companies have been issued orders by the Federal Trade Commission (FTC), requiring them to provide information on how well they comply with data security standards, specifically with regard to Payment Card Industry Data Security Standards (PCI DSS) audits.
PCI DSS audits are required by the major payment card issuing companies of retailers and other businesses that process more than 1 million card transactions in a given year. According to the FTC, the audits are intended to ensure that companies are providing adequate protection to consumers’ sensitive personal information.
The FTC is seeking details about the assessment process employed by the companies, including the ways assessors and the companies they assess interact; copies of a limited set of example PCI DSS assessments; and information on additional services provided by the companies, including forensic audits.
Information collected by the FTC will be used to study the state of PCI DSS assessments.
The nine companies receiving orders from the FTC are: Foresite MSP LLC; Freed Maxick CPAs P.C.; GuidePoint Security LLC; Mandiant; NDB LLP; PricewaterhouseCoopers LLP; SecurityMetrics; Sword and Shield Enterprise Security Inc.; and Verizon Enterprise Solutions (also known as CyberTrust).
The letter was sent to the companies March 4, and each company has 45 days to respond.