A representative from MasterCard contacted Blue Lance today in response to our queries. Chris Harrall, Senior Business Leader for MC’s Payment System Integrity Group, responded with this Q & A:
Q: Is it accurate that MasterCard will require Tier 2 merchants to conduct annual on-site reviews of their security controls by third party QSAs?
A: The company announced revised requirements for Level 2 merchants to use a Qualified Security Assessor (QSA) to complete a mandatory annual onsite data security assessment by December 31, 2010.
Q: If so, when was the change made and why?
A: These changes were announced in the MasterCard Global Security Bulletin No. 6 published on June 15, 2009 and distributed directly to MasterCard acquirers and processors. The current enhancement of validation requirements for PCI compliance provides for independent third party review, enabling consistency of application and implementation of DSS requirements.
Q: How much time do Tier 2 merchants have to comply with the new requirement?
A: Level 2 merchants must use a Qualified Security Assessor (QSA) to complete a mandatory annual onsite data security assessment by December 31, 2010.
To view the post regarding this requirement change, click here.



