Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

Payment Application QSAs

Payment Application Qualified Security Assessor (PA-QSA) companies are organizations that have been qualified by the Council to have their employees assess compliance to the PCI PA-DSS standard. Payment Application Qualified Security Assessors are employees of these organizations who have been certified by the Council to validate an entity’s adherence to the PCI PA-DSS.

Please note, the PCI Security Standards Council maintains an in-depth program for security companies seeking to be certified as Payment Application Qualified Security Assessors (PA-QSAs), as well as to be re-certified as PA-QSAs each year.

Certification and re-certification indicate only that the applicable PA-QSA has successfully met all PCI Security Standards Council requirements to perform PCI data security assessments, and the PCI Security Standards Council does not endorse these security solution providers or their business processes or practices.

Although the PCI Security Standards Council strives to ensure that the list of Payment Application Qualified Security Assessors linked to this page is current, the list is updated frequently and the PCI Security Standards Council cannot guaranty that the list is current at all times. Accordingly, each time a client engages a PA-QSA, the client is advised to check this list on a regular basis to ensure that its PA-QSA has successfully maintained its status as a Payment Application Qualified Security Assessor.

Search by Company Name, Place of Business, Servicing Market and Supported Languages.
Results: 77
Page: 1 2 3 4

Company Place of Business Primary Contact Servicing
Markets
Supported
Languages
Digital Security Russia Alexandra Golik
alexandra@dsec.ru
+7 812-703-1547
CEMEA English, Russian
DirectDefense James Broome
jbroome@directdefense.com
T- +1-303-359-3954
USA English
Europoint Networking Sweden Björn Sjöholm
+46 705 220110
bear@europoint.se
Europe English, Danish, German, Norwegian, Swedish
FishNet Security USA Mark Carney
pci@fishnetsecurity.com
+1 888-732-9406
LAC, USA, Canada English
Foregenix UK, Greece, Romania, South Africa, Uruguay Stuart Nash
snash@foregenix.com
T- 44 7545 431036
Europe, LAC, CEMEA English
FortConsult A-S Denmark, Australia, Greece, Lithuania, Russia, Singapore Lars Syberg (Scandinavia)
ls@fortconsult.net
+45 70207525
Kim Schlyter (Europe)
ksc@fortconsult.net
+45 20614981
Audrius Vizbaras (Baltics)
audrius.vizbaras@fortconsult.net
+370 65 5 43776
Zoja Antuchevic (Russia, Kazakstan, Ukraine)
zoja.antuchevic@fortconsult.net
+7 915 20 92 801
Michael Beier (Africa)
mdb@fortconsult.net
CEMEA, Europe, Asia Pacific English, Afrikaans, Danish, Dutch, German, Greek, Russian, Swedish, Romanian
Fortrex USA Peter Spier
spierp@fortrex.com
1-877-Fortrex
USA English
GRsee Consulting Israel, Europe, Italy, USA Ben Ben Aderet
ben@grsee.co.il
-3865671
Europe English, Hebrew, French, Russian
HALOCK Security Labs USA Jeremy Simon
pci@halock.com
+1 847-221-0200
USA English
Informzaschita Russia Irina Zadonskaya
pcidss@infosec.ru
+ 7 495 980 2345 (ext.775)
CEMEA Russia, English
Internet Security Auditors Spain Daniel Fernandez Bleda
pcidss@isecauditors.com
34-93-305-13-18
Europe English, Spanish
Internet Security Systems a wholly owned IBM Company
**In Remediation**
USA, Canada, Mexico, Panama, Colombia, Chile, Brazil, Argentina, Peru, Puerto Rico, US Virgin Islands, Austria, UK, France, Italy, South Africa, Denmark, Germany, Belgium, Finland, Greece, Romania, Lithuania, Sweden, Netherlands, Austria, Spain, Poland, Portugal, Russia, Czech Republic, Croatia, Egypt, Israel, Dubai, Australia, New Zealand, Singapore, Hong Kong, Japan, China William Eduardo Gonzalez (AP, US, Europe, EMEA)
wegonzal@us.ibm.com
+1-602-363-5169
Asia Pacific, CEMEA, Canada, LAC, USA, Europe Arabic, Chinese (Simplified), Chinese (Traditional), Chinese (Mandarin), English, French, French Canadian, German, Greek, Hebrew, Italian, Japanese, Korean, Russian, Portuguese, Spanish
Intersec Worldwide USA Mikken Tutton
pci@intersecworldwide.com
T-949-270-0504
USA English, Portuguese, Spanish
IOActive, Inc. USA PCI@ioactive.com
Christian J. Moldes
Associate Director
IOActive
USA English
IQ Information Quality Colombia David Guillermo Angarita
Guillermo.Angarita@iqcol.com
T – 571-6196392
LAC Spanish
K3DES, LLC USA Jim Richardson
Jim.richardson@k3des.com
+1 713-545-5867
Asia Pacific, USA, Canada English
Kima Projects & Services Italy Mauro Bregolin
Mauro.bregolin@kimaps.com
-8404185
Europe English, Italian
Loop Technology Pty Ltd Australia Marcin Choluj
Mcholuj@looptech.com.au
T- 61-450-589-467
Asia Pacific English
McGladrey LLP USA Julie Perkins
563.888.4074
julie.perkins@mcgladrey.com
USA English
Megaplanit, LLC USA Frank Nudo
fnudo@megaplanit.com
T-1-224-944-1488
USA English
 
Results: 77
Page: 1 2 3 4


* 'In Remediation' status indicates a determination by the Council, after Quality Assurance review, that a QSA organization has violated applicable QSA Validation Requirements. This status may result from failure to comply with any number of applicable QSA Validation Requirements. QSAs are notified when remediation is required, and QSAs listed as "In Remediation" may be actively seeking to remedy this status. For more about remediation please visit https://www.pcisecuritystandards.org/news_events/docs/0904_qsa_remediation_statement.pdf

For information about the status of a particular QSA, please contact that QSA.

*Servicing Markets Abbreviations
AP – Asia Pacific CEMEA – Central Europe, Middle East, and Africa LAC – Latin America and the Caribbean

Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.