How should retailers select a Managed Security Services Provider?

  • Team Omega
  • April 28, 2014

With the advent of PCI DSS 3.0, the question of picking the right Managed Security Services Provider has become quite critical to retailers.

So, how do you go about doing that?  Here are some questions to ask them.

  1. Are they certified as a Level I Service Provider?  If yes, who certified them.
  2. Can they share a few customer testimonials and references?
  3. How many years have they been in business?
  4. Have they dealt with customers who have experienced breaches?
  5. Have they dealt with customers who have received letters from acquiring banks to show proof of compliance?
  6. Have they themselves experienced any breaches?
  7. Or, have their customers experienced any breaches?

If a retailer finds all the answers on the Service Provider they are looking to hire, and if they match the qualifications a 100%, it is quite safe to go with the Provider.

If a Service Provider’s solution to data security and PCI compliance is dependent on putting a box in, that should raise red flags.  In particular, all Level 1 and Level 2 merchants need to be watchful of how they choose a Managed Security Services Provider as QSAs ask for more details than ever before.  The recommendation is to go with a MSSP who not only provides the right solutions, but also is a true partner of the retailer year after year through the long PCI journeys.

For more questions and guidance, contact us at 636-557-7777 or email