The Number One Reason Businesses Fail Their QSA Audit


Hint: It’s not technology-related.

August 16, 2018


In the business world, compliance audits are a fact of life. Standards must be followed, and each governing body must receive its assurances. The Payment Card Industry Data Security Standard (PCI DSS) is one of the more common standards businesses face, due to the prevalence of credit card payment acceptance.

Businesses that are subject to a PCI QSA audit are required to undergo a formal, third-party assessment of their PCI compliance each year. Just like a financial audit or legal review, we’re looking for documentation and other assurances that the standard is effectively in place and maintained.

Your CFO wouldn’t go into a financial audit blind, and your legal team wouldn’t respond to an inquiry without first doing its homework, yet 40-50 percent of IT professionals are unprepared when our QSA knocks on their door. This is the number one reason the assessment fails.

I recently wrote a short PayThink piece for PaymentsSource.com. In the article, I share tips on how to lay the necessary groundwork for your QSA audit so that you save time and, more importantly, your business saves money.

Click here to read: “PCI Audits Should Be Treated The Same As Financial Exams” on PaymentsSource.com.