More On MasterCard's Level 2 Merchant Security Rules

Yesterday, I posted about the fact that Level 2 Merchants Now Need QSR Assessments.   Here's excerpts in a followup story from CIO.com

MasterCard Beefs Up Security Requirements

In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually.

By Jaikumar Vijayan

Thu, June 18, 2009 — Computerworld
Staring Dec 31, 2010 companies that fall into this category, called Level 2, will be required to undergo an onsite review of their security controls by a MasterCard approved third-party assessor.

Presently, such merchants are only required to fill out a self assessment evaluating their compliance with MasterCard's Site Data Protection requirements. It's only the Level 1 merchants -- those processing more than 6 million cards annually -- that are currently required to do on-site assessments.

It is unclear immediately what might have prompted the change on MasterCard's part. Requests for comment from MasterCard were not returned.

MasterCard, Visa and the other major credit card companies currently require all companies that accept payment card transactions to comply with security requirements called the Payment Card Industry Data Security Standard, or PCI DSS. But each has its own standards for assessing compliance with PCI requirements.

The change marks one of the few instances where Mastercard has issued a security mandate ahead of Visa, which has generally been the most aggressive proponent of PCI.

Continue Reading at CIO

Related articles by Zemanta

• More Investment Needed to Secure Credit Cards (pindebit.blogspot.com)
• Heartland Reinstated to Visa's List of PCI DSS Providers (pindebit.blogspot.com)