PCI Qualified Professionals Listings Overview

Council-trained and validated assessors help merchants evaluate the effectiveness of implementing PCI controls and processes. These
include Qualified Security Assessors, Approved Scanning Vendors, PCI Forensic Investigators and others.

Our site lists these trained professionals to help you implement validated payment solutions.

We also help you connect with Qualified Integrators and Resellers and other professionals to help you implement validated payment
solutions.

PCI Qualified Professionals

3DS

3DS Assessors are qualified by PCI SSC to perform assessments using the PCI 3DS Core Security Standard (Security Requirements and Assessment Procedures for EMV® 3-D Secure Core Components: ACS, DS, and 3DS Server)

An ASV is an organization with a set of security services and tools (“ASV scan solution”) to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2.

Card Production Security Assessor (CPSA) Companies are security organizations that have been qualified by the Council to validate an entity's adherence to the PCI Card Production Logical Security and/or Physical Security Standards.

The Council’s Internal Security Assessor Program provides an opportunity for employees of ISA sponsor companies to receive training and qualification, to improve their organization’s understanding of the PCI Data Security Standard (PCI DSS), facilitate the organization’s interactions with Qualified Security Assessors (QSAs), enhance the quality, reliability, and consistency of the organization’s internal PCI DSS self-assessments, and support the consistent and proper application of PCI DSS measures and controls.

Organizations qualified by PCI SSC to validate P2PE Solutions and P2PE Components on behalf of P2PE Vendors are referred to as P2PE Assessor Companies; Organizations qualified by PCI SSC to validate P2PE Applications on behalf of Vendors are referred to as P2PE Application Assessor Companies.

PCI Forensic Investigators (PFIs) help determine the occurrence of a cardholder data compromise and when and how it may have occurred. These PCI Forensic Investigators are qualified by the Council’s program and must work for a Qualified Security Assessor company that provides a dedicated forensic investigation practice. They perform investigations within the financial industry using proven investigative methodologies and tools. They also provide relationships with law enforcement to support stakeholders with any resulting criminal investigations. 

The Qualified Integrator and Resellers (QIR) Program outlines guiding principles and procedures for the secure installation and maintenance of payment applications in a merchant environment, in a manner that supports their PCI DSS compliance efforts.

Qualified PIN Assessor (QPA) Companies are security organizations that have been qualified by the Council to validate an entity's adherence to the PCI PIN Standard.

Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.

The Secure Software Assessor course provides instruction on how to perform assessments of payment software in accordance with the Secure Software Requirements and Assessment Procedures (PCI Secure Software Standard).

The Secure Software Lifecyle (Secure SLC) Assessor course provides instruction on how to perform assessments of entities in accordance with the Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures (PCI Secure SLC Standard).

Give Assessor Feedback

Your experiences with their service will help make the global team better!