May 4, 2010

Grant Thornton says auditors fit QSA mould

Qualified security assessors (QSAs) from chartered accounting firms with formal internal controls audit and information security backgrounds are best placed to assess retailers’ payment card transaction processing security, according to Grant Thornton Canada.

The Payment Card Industry Data Security Standard (PCI DSS) is designed to help organisations that process card payments prevent credit card fraud.

The standard applies to all cards branded by one of the participating brands, including Visa, Mastercard and American Express.

The QSA designation is a formal qualification granted by the Payment Card Industry Security Standards Council, which also sets the PCI DSS. QSAs assess compliance with the PCI DSS.


Severe consequences

Grant Thornton has suggested the severe consequences of non-compliance point to the advantages of engaging QSAs with audit backgrounds.

One example of the severity of non-compliance is a $60 million settlement by payment card processor Heartland Payment with Visa following a security breach, Grant Thornton said.

“A QSA with this background has the experience necessary to confirm compliance, the skills to integrate PCI DSS with other governance, risk management and compliance initiatives and also deliver a higher level of assurance of a more formal approach rooted in often decades of experience of providing independent assurance services,” Grant Thornton business risk advisor Chris Anderson said.

Grant Thornton Canada has released a white paper on PCI DSS auditing, Out of the breach.

