Regulatory Compliance, Governance and Security

Aug 24 2009   12:18AM GMT

MasterCard SDP Program | Attention Level 2 Merchants | PCI DSS



The MasterCard SDP Program has essentially made changes that now require Level 2 Merchants to have an annual on-site review of their security controls by a Qualified Security Assessor (QSA) for purposes of complying with PCI DSS. Let me state for the record, as a QSA, this is big news. There are now scores of Level 2 Merchants that cannot “Self Assess” anymore and must instead undergo an actual on-site assessment by a QSA. And to be fair, can you really blame MasterCard when the chatter of late has been that most merchants simply “check the box” on their self-assessment, not giving it much thought or due care? Well, not anymore, as Level 2 Merchants will now need to be prepared to face the rigors of an annual on-site assessment.

My advice: first, find a competent, cost-effective QSA who really knows what he/she is doing. Second, engage with a Qualified Security Assessor Company (QSAC) to conduct a PCI DSS Readiness Assessment to determine how “ready” your organization is for actually undertaking an annual on-site assessment. They take time to complete and require resources, to say the least.

If you want to learn more about PCI DSS, visit the Official PCI DSS Resource Guide.
