FTC Orders Payment Card Data Security Screenings

The Federal Trade Commission said on Monday (March 7) that it has issued orders to nine companies, seeking information on how they assess other firms' compliance with the Payment Card Industry Data Security Standards (PCI DSS).

The agency said in a press release that the firms that have received the orders to turn over information tied to the assessment parameters include: Foresite MSP, LLC; Freed Maxick CPAs, P.C.; GuidePoint Security, LLC; Mandiant; NDB LLP; PricewaterhouseCoopers LLP; SecurityMetrics; Sword and Shield Enterprise Security, Inc.; and Verizon Enterprise Solutions (also known as CyberTrust).

As the FTC explained in its release, the PCI DSS audits are required by major payment card-issuing companies with a presence in the retailing industry and in other industries that are responsible for processing more than 1 million card transactions within a given year. The PCI DSS efforts seek to ensure that companies offer and maintain stringent protections that safeguard consumers’ personal information.

To illuminate the assessment process, the FTC wants to see a few examples of the process, as well as information that extends beyond the assessments, including forensic audits. The FTC also wants evidence spotlighting how the aforementioned companies interact.

In asserting its own authority to request that information, the FTC said that it can order special reports to be filed under Section 6(b) of the FTC Act, and noted in its release that the vote to issue the orders for the PCI DSS information was four to zero.