The FTC is on a data breach enforcement roll. Last summer, the courts allowed it to fine companies with weak cybersecurity practices. Now, the FTC is taking a closer look at payments processing, checking to see how auditors measure compliance with industry rules.
Specifically, the FTC has requested information from PricewaterhouseCoopers, Mandiant, Foresite MSP, Freed Maxick CPAs, GuidePoint Security, NDB, SecurityMetrics, Sword and Shield Enterprise Security, and Verizon Enterprise Solutions, which is also known as CyberTrust.
The nine companies, a mixture of large and small compliance vendors, have 45 days to respond to detailed questions about how they measure compliance with the Payment Card Industry Data Security Standards.