A QSA or Qualified Security Assessor is the person who guides and audits merchants and service providers in order to achieve a PCI compliance status. The QSA works with merchants to conduct a PCI assessment provide support and guidance during the compliance process, defines the PCI scope of audit, selects a good sample, evaluates compensating controls and produces the final report.

All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. PCI SSC is responsible for managing the security standards while each individual payment brand is responsible for managing and enforcing compliance to these standards.

But to really appreciate the kind of protection PCI SSC provides to you, it's important to take a step back and understand how credit card fraud takes place to begin with. We're not talking about the individual theft here. For an individual card to be stolen and then used online or for a transaction, is a risky proposition for the thief. If you know your card is stolen, you'll take immediate preventive action.

Instead what happens is that a lot of cards are stolen. So one party steals the card, and then trades it online. There are actually websites where these card numbers are auctioned off in bulk. For obvious reasons, these websites keep on changing their location and let their "clientele" know the next domain via email.

People will eventually sell credit card data in batches at a time where the going rates are generally between 1-2 US dollars each, but it also dependent on quality of quality of Cardholder Data.For instance, data stolen from high profile restaurants in London or New York where rich clients dine may sell for up to US$100 each due to the fact that these people don't bother checking their credit card statements. The stolen numbers are traded online and then used for mail orders and online shopping.