As tier-three and tier-four PCI deadlines come and go and as penalties stiffen, businesses will increasingly look to third-party auditors and assessors to find all their security holes before the PCI auditors do, security experts say.
But assessors won't only be relegated to the enterprise. Smaller businesses with limited budgets will likely form some sort of affiliation or partnership with Qualified Security Assessors that want to expand into new markets.
By the same token, expect to see an upsurge in consulting services and practices, experts say.
A list of QSAs can be already be obtained from the PCI Security Standards Council Web site.
"Merchants are being forced to take some sort of action," said Amer Deeba, CMO of Qualys. "If they are still taking some steps to do something that the standard talks about, in a sense that does improve their security situation."
