QSA Certification Requirements and Risks

Our QSAs will get your business PCI compliant quicker and smarter.

STRATICA is your most qualified and experienced QSA organisation operating in Australia.

Fines and Risks
Fines start at US$10,000 per month for falsely stating compliance. You can also be blocked from processing cards, which will ultimately end your ability to conduct business.

The safest bet is for you to talk to a Qualified Security Assessor (QSA). Don’t just tick the boxes and hope for the best.

Rest assured that you are 100% QSA compliant and QSA certified – Work with STRATICA.

We are uniquely positioned (as Australia’s only PCI forensic investigator) to see the faults others won’t.

At STRATICA, we use our exclusive, Australian-hosted software tools (the VigiOne portal) to streamline the review process and jointly sign off with you.

Our StraticaOne Portal, powered by VigiTrust, is an efficient, effective, and secure alternative to the dreaded and complex PCI spreadsheet template!

We will save you time and money with our process and tools.

A QSA is qualified by the Payment Card Industry (PCI) Security Standards Council (SSC) to perform PCI Data Security Standard (DSS) on-site assessments. STRATICA is the most qualified and experienced QSA operating in Australia.

Mastercard states that, “All merchants that store, process or transmit cardholder data must be PCI compliant. Each merchant that is categorised as a Level 1, Level 2, or Level 3 merchant is required to report compliance status directly to its acquiring bank.”

If you are processing more than six million dollars in credit card transactions per year, you are deemed to be a Level 1 Merchant, and you must complete a compliance report (ROC) with a qualified QSA.

If you are a service provider that processes more than 300,000 online transactions, you are also a Level 1 Merchant, and you are required to use a QSA company for your compulsory QSA audit.

Merchant Requirements for QSA Certification (independent audit)

Independent QSA Assessment: Level 1 (Level 2, bank dependent)

Self-Assessment Questionnaire (SAQ): Level 2, Level 3 and Level 4

External Vulnerability Scans: Level 1, Level 2, Level 3 and Level 4

PCI vulnerability scanning is an essential requirement of the Payment Card Industry Data Security Standard (PCI DSS). It requires companies, irrespective of size, to perform internal and external vulnerability scans four times a year (every three months) and after any significant network changes.

A SAQ is a validation tool available to merchants that are not required to complete an on-site assessment. It allows merchants to self-assess their PCI DSS compliance.

However, it is a common mistake for Level 3 and Level 4 Merchants to incorrectly self-assess and sign off on their compliance when they are not fully compliant. It is highly recommended that Level 3 and Level 4 Merchants work alongside a qualified QSA to oversee the completion of their SAQ.

At STRATICA, we use our exclusive, Australian-hosted StraticaOne portal (powered by VigiTrust) to streamline the review process and jointly sign off with you.

For Level 2, Level 3, and Level 4 Merchants, STRATICA will complete an evidence-based review of your SAQ to help you remedy the areas where you are lacking and get you compliant.

As demonstrated time and time again in the media, every business needing PCI compliance should have a QSA.
