Saturday, 20 June 2009

New validation rules for MasterCard's SDP for PCI DSS compliance

PCI DSS. The Society of Payment Security Professionals reports.

"Level 2 Merchants Required to Have On-Site Assessment by QSA

On June 15, 2009 MasterCard International introduced several changes to their Site Data Protection (SDP) program. Among these changes was a new requirement for Level 2 Merchants to undergo an on-site assessment by a Qualified Security Assessor in order to validate their PCI DSS compliance. The initial deadline for these validations is December 31, 2010.

Previously, Level 2 Merchants were required to submit an Annual Self-Assessment Questionnaire and undergo Quarterly Network Scans by an Approved Scan Vendor (ASV).

Level 1 Merchants Must Use QSA

In addition to the above announcement, MasterCard also announced that Level 1 Merchants must use a Qualified Security Assessor for their validation assessment. In the past, Level 1 Merchants were able to self-assess and submit a Report on Compliance, provided an officer of the company signed the Report. Under the new Site Data Protection rules, this option is no longer available.

It should be noted that Visa Inc's site indicates that "Level 1 merchants should engage a Qualified Security Assessor to complete the Report on Compliance and provide the report to their acquirer. Alternatively, acquirers may elect to accept the Report on Compliance from a Level 1 merchant, provided that a letter signed by a merchant officer accompanies the report." (emphasis added) Information on Visa's merchant validation requirements can be found on their CISP site."
