According to the rules set forth by the major credit card brands and the Payment Card Industry Security Standards Council, all merchants that store, process, or transmit cardholder data must be PCI compliant.
On June 30, 2012, the process for validating compliance via a Self-Assessment becomes significantly more rigorous for MasterCard's Level 2 merchants: Self-Assessments must be completed by employees who have attended PCI SSC Internal Security Assessor (ISA) training and who pass the associated accreditation program annually.
“MasterCard’s guidelines were first published in 2009, but many merchants have yet to send employees to ISA training. And even if they have, company officers may not want to sign their name to a Self-Assessment report developed solely by a rookie ISA,” says Kurt Hagerman, Coalfire’s PCI practice leader.
“The ISA training program–and by extension, an internally-led PCI attestation–is a great strategy for many merchants. But the program isn’t a shortcut to validation. All the PCI 2.0 requirements still apply, and merchants still need a fully-documented, evidence-backed report to protect themselves.”
To help those merchants, Coalfire has developed a PCI Level 2 Merchant Support Program. There are four elements to the program:
This program is available to anyone who can demonstrate that they have been classified by their processors as a Level 2 merchant.
According to MasterCard, a Level 2 merchant is any merchant with more than one million but no more than six million combined MasterCard and Maestro transactions annually, or any merchant meeting Visa's Level 2 criteria.
“There are thousands of Level 2 merchants in the U.S. alone, and many of those will be asked for an ISA-signed SAQ or a report by an independent assessor like Coalfire,” says Rick Dakin, Coalfire’s CEO and chief security strategist.
“As the industry’s leading independent QSA, we know how much work is required to do an accurate assessment. That’s why we developed this program. We want to help them get more secure and avoid whatever fines and penalties banks might impose for non-compliance.”