Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

Merchant Feedback Forms

Your Feedback Is Important

The PCI Security Standards Council urges all merchants and service providers (and others as appropriate) to fill out and return QSA and ASV Quality Feedback Forms after an engagement has been completed. Because payment card data security is so important, it’s critical that the highest levels of quality and professionalism are employed during audits and scans. In addition to rigorous required training and annual re-certification, the performance of each security professional company and individual is regularly evaluated, and your feedback is key to creating a complete picture.

QSAs and ASVs are contractually obligated to inform their clients of the online feedback tool upon commencement of services. Links to the forms are available through the Assessor look up tool. Your completed will be be submitted directly to the PCI Council Program Managers.

The Council will consider all feedback regarding QSAs/ASVs and will address any issues as needed on an individual basis. If a QSA or ASV is judged to be deficient in his or her efforts, the Council will recommend measures for improvement. If sufficient improvement is not made, the result could be disqualification for the QSA or ASV and removal from the website list.

If improvement is needed, the sooner it can be addressed, the better – the safety of large amounts of payment card data could depend on it. But if we don’t have the necessary feedback to begin with, we can’t fix any problems: please make sure to submit the Feedback Forms. Thank you for your help.

Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.