PCI Program Fee Analysis v0.1 (2017-04-10)
The PCI Security Standards Council is well into its second decade of operations, and I thought it would be interesting to better understand their revenue model. At the time, I was experimenting with R, RStudio, RMarkdown, and many other packages in the ecosystem. I do a lot of work in R, but this is the first package I made public.
Once you have done the above, you are ready to go.
How to Use this Package
This is an RMarkdown report that can be compiled on the fly. It is presented free of charge with no expressed or implied warranties. USE AT YOUR OWN RISK. After you clone the GitHub project, just go re-export all the public information available on the Council’s website and re-knit the .Rmd document.
Quick and dirty Revenue Summary
The following summary contains all the data that was possible to calculate based on the data provided on the Council’s website (as of April 2017). For example, you can see fees for things like Acquirer and Awareness training, but no details are public on the number of individuals trained in each program.
Program | Initial Fee | Annual Fee | ——- | ———– | ———- | Participating Organizations | $2,876,250 | $2,876,250 Approved Scanning Vendor (ASV) Program | N/A | $1,906,850 Internal Security Assessor (ISA) Program | $2,568,410 | $1,881,210 Payment Application-QSA (PA-QSA) Program | $13,235,400 | $600,820 PCI Forensic Investigator (PFI) Program | $979,250 | $871,750 PCI Professional (PCIP) Program | $3,614,910 | N/A PIN Transaction Security (PTS) Program | $2,472,000 | $1,236,000 Point-to-Point Encryption (P2PE) Program | $1,254,400 | $171,600 Qualified Integrators and Resellers (QIR)™ Program | $412,800 | $344,000 Qualified Security Assessor (QSA) Program | $15,520,400 | $8,283,000 Community Meeting Revenue | N/A | $600,000 TOTALS | $42,933,820 | $18,771,480 | |