PCI DSS Compliance | MasterCard SDP Changes Rules for Merchants
Posted by: Charles Denyer
qsa, pci dss qsa, mastercard, sdp program, merchants level 2, service providers, reciprocity, charles denyer, pci dss self assessments, Matercard site data protection program, qualified security assessor
MasterCard has recently announced changes to their Site Data Protection program, which now requires BOTH Level 1 and Level 2 Merchants to retain a Qualified Security Assessor (QSA) to validate compliance in regards to PCI DSS.
This is truly a monumental shake up in the industry, as many Level 2 merchants that could “self-assess” in the past now have to engage with a QSA to perform an annual on-site assessment. As a QSA myself, i cannot give hard and fast number as to how many merchants this will affect, but i can tell you that it will be a high number indeed. Level 2 Merchants have quite honestly never been exposed to the time, expenses, and arduous undertakings of an annual on-site PCI DSS assessment. What’s more, these costs will without question create significant financial constraints for Level 2 merchants.
Finally, MasterCard has designated that all Merchants identified as Level 2 merchants by other brands will also be classified as Level 2 for MasterCard. Call it reciprocity, simple and to the point.
MasterCard has also redefined the Service Provider thresholds and their respective levels to align with Visa.
My advice, find yourself a good, competent, knowledgeable Qualified Security Assessor.
0 Comments
RSS Feed
Email a friend
