MasterCard apparently is continuing to up the ante when it comes to PCI compliance. There are reports this week that the company has instituted new fines for merchants that are non-compliant with the PCI Data Security Standard. Branden Williams, PCI practice director at VeriSign, wrote about MasterCard’s new PCI fines on his blog Monday. According to Williams, MasterCard has been much quieter than Visa on the PCI enforcement front — until now. Robert Vamosi at Javelin Strategy and Research followed up with confirmation from MasterCard and some clarification on the new fines in a blog post Tuesday. Alas, I have not heard back from MasterCard on this subject.
The tougher stance on non-compliant merchants comes on the heels of MasterCard increasing PCI requirements for some merchants, including Level 2 merchants, which must now hire a PCI-approved auditor to complete an annual onsite data security assessment by Dec. 31, 2010.
Acquiring banks likely should be prepared for questions from their merchants on the new MasterCard rules.