Security Bytes

Dec 21 2009   6:33PM GMT

MasterCard reverses PCI compliance requirement

Marcia Savage

Level 2 merchants do not need to obtain a QSA onsite assessment.

MasterCard has apparently reversed its decision from earlier this year that required Level 2 merchants to hire a PCI-approved auditor to complete an annual on-site data security assessment.

The credit card company made waves this summer when it increased PCI compliance requirements for merchants processing between one million and six million transactions annually. The first assessment was due by Dec. 31, 2010, but PCI expert Branden Williams writes in his blog that MasterCard backed off on the requirement. Evan Schuman of StorefrontBacktalk also writes about the company’s quiet change in plans.

MasterCard did not immediately respond to a request for comment, but the company’s website indicates the change in requirement. Now, QSA-conducted onsite assessments are at the discretion of the Level 2 merchant. Williams notes that the company also is aligning its merchant levels with Visa.

The dropped on-site assessment requirement will save Level 2 merchants money, but Williams said the move is a step backward for MasterCard in pushing compliance.

“Those in the industry know that self assessments are great, but because some of them are completed by individuals without a core understanding of the PCI DSS regulations, the false positive and negative rates are much higher,” he wrote.
