Regulatory Compliance, Governance and Security

Jul 17 2009   12:45PM GMT

PCI DSS Compliance | MasterCard SDP Changes Rules for Merchants

Charles Denyer

MasterCard has recently announced changes to its Site Data Protection (SDP) program, which now requires BOTH Level 1 and Level 2 Merchants to retain a Qualified Security Assessor (QSA) to validate compliance with PCI DSS.

This is truly a monumental shake-up in the industry, as many Level 2 merchants that could “self-assess” in the past now have to engage with a QSA to perform an annual on-site assessment. As a QSA myself, I cannot give a hard and fast number as to how many merchants this will affect, but I can tell you that it will be a high number indeed. Level 2 Merchants have quite honestly never been exposed to the time, expenses, and arduous undertakings of an annual on-site PCI DSS assessment. What’s more, these costs will without question create significant financial constraints for Level 2 merchants.

Finally, MasterCard has designated that all Merchants identified as Level 2 merchants by other brands will also be classified as Level 2 for MasterCard. Call it reciprocity, simple and to the point.

MasterCard has also redefined the Service Provider thresholds and their respective levels to align with Visa.

My advice: find yourself a good, competent, knowledgeable Qualified Security Assessor.
