PCI Audits

With FORO, I'm hearing that the wiggle room or really the instructions and guidelines for the auditors are going to get tighter and tighter. You can hire firms for two engagements and you can go to a third party auditor at a U.S.-based firm instead of having an IT team do it on its own. The QSA will be totally different and they'll be screened off, but then they'll come in and do it. That'sgoing to be a much more effective approach then. It would be very problematic ifyou're literally a QSA came in and said, fix this,. fix this, fix this,Fix this,fix this."