ecfirst Certified as a PCI Security Standards Council Qualified Security Assessor (QSA)

Knowledge Transfer & Enabling Security Standards are in the ecfirst DNA

Waukee, Iowa August 22, 2016 - ecfirst, established in 1999, with 1000s of clients across the 50 U.S. states, and across five continents, announced today that it has successfully completed the PCI Security Standards Council Qualified Security Assessor (QSA) testing process and validated as compliant with the Payment Card Industry Data Security Standard (PCI DSS).

As a Qualified Security Assessor, ecfirst plays a vital role in enhancing the protection of payment card environments by conducting comprehensive risk assessments and advising on remediation actions to continuously evolve the enterprise security program.

“The PCI Security Standards Council is committed to helping everyone involved in the payment chain protect consumer payment data,” said Stephen Orfei, general manager of the PCI Security Standards Council. “By participating in the QSA certification process, ecfirst demonstrates they are playing an active part in this important end goal.”

ecfirst is certified to evaluate the security of merchant systems that store payment account data, help merchants manage data security risks, and assist in achieving compliance with the PCI DSS. In an era of advanced, persistent attacks on systems, the PCI DSS certification process reassures merchants that they are being assessed accurately and fairly against the most current payment industry requirements designed to protect their payment card data.

“Ensuring compliance mandates and security standards are met, are in the ecfirst DNA, with strong emphasis on knowledge transfer to clients in every step of the process,” said Ali Pabrai, chairman and chief executive of ecfirst. “The PCI security standards are the minimal capabilities that must be continuously implemented, monitored & managed. As a QSA, ecfirst is committed to ensuring the PCI DSS standard is a core component of any enterprise cyber security program.”

Endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the PCI Security Standards require merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data protection. To enhance payment data security globally while embracing new technologies as they are developed, the Council relies on involvement of those across the payments processing chain, from merchants and service providers to payment device manufacturers and software developers, financial institutions and processors.


The PCI Security Standards Council is a global forum that is responsible for the development, management, education and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Founded in 2006 by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has more than 700 Participating Organizations representing merchants, banks, processors and vendors worldwide. To learn more about playing a part in securing payment card data globally, please visit:

Connect with the PCI Council on LinkedIn:

Join the conversation on Twitter:!/PCISSC

ABOUT ecfirst:

ecfirst, established in 1999, is a firm with laser beam focus on compliance and cybersecurity. With thousands of clients across all 50 states, and five continents, ecfirst delivers tailored consulting, training and certification services. ecfirst serves the financial, banking, healthcare, IT, government (federal, state, county, city), legal and insurance industries. Specialized services include Cybersecurity Risk Assessment, Vulnerability Assessment, Penetration Testing, On-Demand Consulting, Managed Compliance and Managed Security. ecfirst, introduced the healthcare and IT industry’s first credential for HIPAA training and certification, the Certified HIPAA Professional (CHP) program. ecfirst also created the world’s first program on compliance and cyber security – Certified Security Compliance Specialist™ (CSCSTM) and recently launched the Certified Cyber Security ArchitectSM (CCSASM) program. ecfirst is a HITRUST Authorized CSF Assessor. For more information visit

Media contacts

John T. Schelewitz


PCI Security Standards Council
Laura K Johnson, Lindsay Goodspeed