MasterCard Toughens Stance On PCI Compliance
As credit card security has become an increasingly important issue over the years, VISA has consistently been at the forefront of security standards and compliance. Be it the creation of new security standards (as was the case with the PABP) or the enforcement and strengthening of existing standards, VISA has generally been a leader in security standards compliance.
With the advent of the Payment Card Industry Security Standards Council (PCI SSC), a partnership of the major credit card issuers, and the transformation of PABP (a VISA-administered security standard) into PA-DSS, VISA has been joined by the other card issuers in prioritizing the security standards that have come to define the modern payment card industry.
Recent developments, in fact, could lead some to suggest that MasterCard is toughening its stance on PCI compliance. With recent updates to its merchant compliance plan, MasterCard has established its interest in re-vamping both merchant compliance and the penalties for non-compliance.
MasterCard’s recent update alters the requirements for Level 1 and Level 2 merchants. Level 1 merchants that relied on an internal auditor prior to June 15, 2009 are now expected to validate PCI DSS compliance through an annual on-site assessment conducted by a Qualified Security Assessor (QSA).
Equally significant is the change for Level 2 merchants; all Level 2 merchants must now complete an annual on-site assessment performed by a QSA. For both Level 1 and Level 2 merchants, these changes must be implemented by December 31, 2010.
While these updates have relatively distant deadlines attached to them, the same cannot be said of MasterCard’s new fine structure. Beginning immediately, MasterCard will be imposing fines for non-compliance. In what is sure to prove controversial, MasterCard will be enacting financial penalties as follows:
| PCI DSS Level | Max. Penalty per Calendar Year | Violation |
|---|---|---|
| Level 1 & 2 | $25,000 | First Violation |
| Level 1 & 2 | $50,000 | Second Violation |
| Level 1 & 2 | $100,000 | Third Violation |
| Level 1 & 2 | $200,000 | Fourth Violation |
| Level 3 | $10,000 | First Violation |
| Level 3 | $20,000 | Second Violation |
| Level 3 | $40,000 | Third Violation |
| Level 3 | $80,000 | Fourth Violation |
| Level 1 & 2 Service Providers | $25,000 | First Violation |
| Level 1 & 2 Service Providers | $50,000 | Second Violation |
| Level 1 & 2 Service Providers | $100,000 | Third Violation |
| Level 1 & 2 Service Providers | $200,000 | Fourth Violation |
PCI DSS first gave voice to the security standards of the Payment Card Industry but, with the above fines, MasterCard has given it teeth.