rocknbil - 6:15 pm on Aug 22, 2010 (gmt 0)
Usually the credit card company requires your merchant provider to choose them (example, Visa says A.N. must require compliance of customers, I **think** the merchant provider chooses the company that does the audit.) The good news is, the merchant provider usually foots the bill for the quarterly scans, last I checked it was $700/year. Ours uses Security Metrics.
Non-compliance = +20/month or so from your merchant provider. Waived if you pass the scans.