Bob Carr gets it.

He had to suffer through one of the largest credit card breaches on record to get there, but he gets it.

Four-Eyes, by theogeo

Four-Eyes, by theogeo

Digital Transactions Magazine published an article featuring Carr entitled Don’t Hire a QSA by Seeking the Lowest Bid, Warns Heartland’s Carr.  In it, Carr painfully recalls how his previous assessors did not provide him much value, and how the low-cost bid rarely ever the best bid.  If you read his article, he doesn’t specifically argue that costs should start escalating quickly, but rather he argues that companies should spend the time to get a QSA that does a thorough job, and is not motivated to get in the door, go as quick as possible, and get out the door to have a prayer at breaking even.

On Friday, I wrote about Bill Brenner’s “4 Ways to get the Most from your QSAs,” and believe that his first point, “Choose your vendor wisely” falls into the very essence of what Carr is talking about.  I’ve noticed that more merchants are taking our general advice of interviewing your QSA before you hire them.  If price is your only motivating factor, be prepared to be both disappointed and disillusioned with the entire QSA process.  If you underestimated the cost of your assessment, it’s time to go back to the well to get the funds to do it right.

Of course, this attitude requires foresight.  Which would you rather do: ask for more money today, or ask for a TON more money tomorrow because you had a breach?  Most would pick the former, but their actions paint a different picture.

Hindsight is, of course, 20-20.

Don’t Hire a QSA by Seeking the Lowest Bid, Warns Heartland’s Carr

This post originally appeared on

Possibly Related Posts: