FTC Investigating Credit Card Data Security
The Federal Trade Commission (FTC) has ordered nine companies to provide information on how they measure compliance with the Payment Card Industry Data Security Standards (PCI DSS).
In its press release, the FTC said it has requested information from Foresite MSP, LLC; Freed Maxick CPAs, P.C.; GuidePoint Security, LLC; Mandiant; NDB LLP; PricewaterhouseCoopers LLP; SecurityMetrics; Sword and Shield Enterprise Security, Inc.; and Verizon Enterprise Solutions (also known as CyberTrust).
PCI DSS audits are required by payment card companies of businesses that process more than one million transactions a year on debit and credit cards, and are conducted to ensure that those businesses are doing enough to protect consumers' personal information.
The FTC specifically requested details about the companies’ assessment processes, including examples of previous PCI DSS assessments, and information on additional services provided by the companies, including forensic audits.
Under Section 6(b) of the FTC Act, the agency can request these reports at any time. Members of the agency voted 4-0 to conduct this investigation.