PCI SSC advisory on unauthorized representation and solicitation of funds by MGMX Compliance

PCI SSC advisory on unauthorized representation and solicitation of funds by MGMX Compliance

19 July 2016

PCI Security Standards Council has learned that an organization holding itself out as “MGMX Compliance Division” or
“MGMX Compliance” is soliciting retail merchants, offering to review or complete on the merchant's behalf the PCI
Council’s copyright-protected Payment Card Industry Data Security Standard Self-Assessment Questionnaire (SAQ),
ostensibly to enable the merchant to avoid “further security action” and “a temporary suspension of [the merchant’s] card
processing” privileges. The written solicitation seeks payment of $49.50 for questionnaires completed by the mer chant
and $89.50 for questionnaires completed by
MGMX for the merchant.

Although these written solicitations prominently display the PCI Council’s federally registered logo, and may cause the
recipient to believe that they are being sent on behalf of the PCI Council, these communications do not originate from and
are not authorized by the PCI Council. MGMX has no affiliation whatsoever with the PCI Council.

The PCI Council does not require users of the Self-Assessment Questionnaire to remit fees in connection with the filing of
the questionnaire. Additionally, only companies in good standing as qualified participants in applicable PCI Council
programs (for example, QSAs, ASVs, QIRs, PFIs, etc.) are authorized to use its trademarks and logos, and then only after
executing the appropriate trademark license agreement with the PCI Council.

Should you or one of your customers receive a communication like the one described above, from MGMX or any other
person or entity, please advise the PCI Council by reporting it to: QSA@PCISecurityStandards.org.