Regulatory Compliance, Governance and Security

Jul 17 2009   12:45PM GMT

PCI DSS Compliance | MasterCard SDP Changes Rules for Merchants



Posted by: Charles Denyer
charles denyer, mastercard, MasterCard site data protection program, merchants level 2, pci dss qsa, pci dss self assessments, qsa, qualified security assessor, reciprocity, sdp program, service providers

MasterCard has recently announced changes to its Site Data Protection program, which now requires BOTH Level 1 and Level 2 Merchants to retain a Qualified Security Assessor (QSA) to validate compliance with PCI DSS.

This is truly a monumental shake-up in the industry, as many Level 2 merchants that could “self-assess” in the past now have to engage a QSA to perform an annual on-site assessment. As a QSA myself, I cannot give a hard and fast number as to how many merchants this will affect, but I can tell you that it will be a high number indeed. Level 2 Merchants have quite honestly never been exposed to the time, expenses, and arduous undertakings of an annual on-site PCI DSS assessment. What’s more, these costs will without question create significant financial constraints for Level 2 merchants.

Finally, MasterCard has designated that all Merchants identified as Level 2 merchants by other brands will also be classified as Level 2 for MasterCard. Call it reciprocity, simple and to the point.

MasterCard has also redefined the Service Provider thresholds and their respective levels to align with Visa.

My advice: find yourself a good, competent, knowledgeable Qualified Security Assessor.
