MasterCard Vs. Visa: Dueling Compliance Philosophies

People don’t seem to “get” MasterCard. For most of the last 4 years, MasterCard has been criticized for their apparent willingness to let Visa play the “bad guy” who issues fines to acquiring banks (and, through them, to merchants), who extends the PCI standards to application vendors (through PABP, now PA-DSS) and who generally takes [...]

MasterCard Becomes The First Card Brand To Publish PCI Fines

“The noncompliance assessment structure now contains escalating assessments per violation within a calendar year,” said the document sent to members earlier this summer. “Maximum assessments for initial noncompliance for Level 2 and Level 3 merchants have increased to $25,000 and $10,000, respectively. Furthermore, the $500,000 annual aggregate maximum for acquirer noncompliance assessments related to program [...]

MasterCard seeks to clarify remote POS security upgrades policy #PCI

MasterCard today clarified a June 15 bulletin about the use of remote key injection (RKI) services for upgrading encryption protocols on merchants’ point of sale (POS) terminals, saying it was not an edict.
via MasterCard seeks to clarify remote POS security upgrades policy.

MasterCard halts remote POS security upgrades #PCI

In a purported second major security change in recent weeks, MasterCard has decided to disallow merchants’ use of remote key injection (RKI) services to install new encryption keys on point-of-sale (POS) systems, says a Gartner analyst.
via MasterCard halts remote POS security upgrades.

Making PCI Stand For Coordination & Impact : Daniel Wallace

Onsite PCI assessments are not cheap. First make certain that you have to comply with the onsite assessment requirement.
Although all of the major card brands are partners in PCI-DSS, the number of transactions is counted by individual card brand.
For example, a merchant that processes 2 million credit card transactions will not necessarily be a Level [...]

MasterCard Gets PCI Tough With Level 2 Retailers?

MasterCard has changed its PCI rules and is now insisting that all Level 2 merchants have on-site assessments.
“This is a dramatic change from the current, industry wide requirement of self-assessing for merchants processing less than six million transactions annually,” wrote Branden Williams, in his excellent Security Convergence Blog, which seems to have broken the story [...]

Heartland Hit With $12M Breach Tab – InternetNews.com

Compliance was already on every manager’s mind before Heartland Payment Systems reported that a breach early this year cost it $12.6 million during Q1, 2009 in expenses and accruals.
Of those costs, $6 million were in fines from MasterCard and almost $1 million from Visa for alleged failures in PCI compliance.
via Heartland Hit With $12M Breach [...]

PCI Compliance: Frequently Asked Questions

Payment card industry compliance is confusing for many ecommerce merchants. But it potentially affects every merchant that accepts credit card payments. Failure to understand the PCI compliance standards could result in higher merchant account fees and fines from the credit card issuers.
Merchants oftentimes have similar general questions on PCI compliance. We posed some of them [...]

Identity Theft – PCI Chiefs Defend Standards, Plans – eWeek Security Watch

It’s a gross oversimplification of an utterly staggering technical and social challenge, and he knows it as well as anyone, but it’s hard to argue with PCI Security Standards Council General Manager Bob Russo’s assertion that when it comes to improving electronic data security and related matters of individual privacy, “something is much better than [...]

Retailer Wireless Devices Largely Unprotected

A new survey shows 44 percent of the wireless devices used by retailers are vulnerable to attacks by data thieves. And that’s the good news. A year ago, the same Motorola survey showed 85 percent of retailers were sitting targets for drive-by data attacks. New PCI standards phasing out Wireless Equivalent Protocol–the weakest form of [...]