I've worked with about eight or nine. Two of them are jaw drops in horror. A bunch are "err, what?", but get the job done vaguely competently if in a very procedural fashion. Quite often it's totally nontechnical people with backgrounds in finance/filing who do the assessment. Finally, there are two outfits we've worked with that we liked - one well enough to come audit us.
Oh, also, the big automated platforms like SM and TW are pretty poor.
The way it's set up right now, if you're lucky enough to be deemed a QSA by the PCI council, congratulations, you are now legally welcome to blackmail and extort. Zilch oversight, it's the Wild West, and snake oil salesmen abound.
The OP reported the auditor to the appropriate authorities and hopefully they'll revoke their certification.
Alternatively, I'd report the auditor to the police for attempting to acquire personal user data, a clear violation of data protection acts and user privacy.
Indeed, truth is not always an absolute defence in the UK. Also the law varies depending on which jurisdiction you are in in the UK; e.g. England & Wales vs Scotland vs Northern Ireland.
madaxe_again|9 years ago
tomblomfield|9 years ago
Cthulhu_|9 years ago
pawadu|9 years ago
RubyPinch|9 years ago
fdgdasfadsf|9 years ago
tankenmate|9 years ago