The U.S. Federal Trade Commission (FTC) has ordered nine companies that conduct audits of merchants, processors, and other companies assessing compliance with the Payment Card Industry Data Security Standards (PCI DSS) to provide information on exactly how they do their work. The FTC says the request for information is not related to any complaint, to a search for wrongdoing, or to groundwork tied to future legal action. When a failure to adequately protect data is determined, the FTC can take action through civil lawsuits. However, it also promotes data security through education, policy i...