Search Results: reciprocity

MasterCard/Visa Remove Reciprocity

Thanks to a fellow reader for pointing this out! It appears that MasterCard and Visa (sorta) have removed the reciprocity statements from their level definitions. Discover still has the reciprocity statement on their levels; American Express and JCB never used reciprocity for their level definitions (to my best recollection). Several industry insiders have been told that it was never the intent...


The Best of 2009

Stay Classy, San Diego! 2009 was an interesting year for all of us in information security. We lived through one of the largest breaches in our short history on this spinning blue ball eclipsed only by the inauguration of a unique president-elect. Anton Chuvakin & I published a book. I moved my blog here amidst a divestiture of my business at VeriSign. Apple released a new version of their operating system and a new iPhone. MasterCard went...


Level 2 Merchants, Are Your Folks Trained?

Is anyone thinking about June 30, 2011 yet? If you are a Level 1 or Level 2 merchant, you certainly should be! Here’s why: MasterCard had a rough time last year. They made some new rules, they changed the rules, and then they removed many of those rules. This year, they worked out the kinks (arguably something they should have done before the first announcement) and have a revised set of requirements. Remember us talking...


October 2009 Roundup

Stay Classy, San Diego! Taking a hint from Anton Chuvakin’s blog, I thought I’d start posting the five most popular posts from the previous month. If you have not had a chance to read everything here, give these five a try! Here are the five most popular posts from last month: MasterCard/Visa Remove Reciprocity. This post details changes made on payment brand websites that appear to remove level reciprocity on merchants. Regardless...


MasterCard’s Got Its Flippy-Floppies

The PCI DSS world was shocked yet again this week when MasterCard backed off its position from earlier this year, requiring Level 2 merchants to obtain validation from a QSA, and is publicly aligning its levels directly with Visa—including setting reciprocity with their levels. The reason I put “publicly” in there is because the merchant operating regulations are NOT public for MasterCard like they are with Visa, but I understand t...


The Final Word on MasterCard’s New Levels

It’s been a little over a week now since MasterCard took the PCI world by surprise and changed their reporting requirements for Level 2 merchants. Whether you are currently a Level 1 or Level 2 merchant, these changes affect you. Here’s the summary and rundown. MasterCard posted a change to their Site Data Protection program that requires Level 2 merchants to use a QSA and perform an on-site assessment...


MasterCard Clarifies their Position

FINALLY! An official statement from MasterCard! Last night, MasterCard posted a four page FAQ on their website to help us deal with the onslaught of buzz that came from their original posting. Some of it anecdotal and humorous (albeit literally true), some of it from this very blog. Here’s the meat of what you need to know: Level 1 merchants that engaged an internal audit team before 15 June 2009...


Subscriptions Deal with Transactions Times Twelve

I was talking to a company that accepts credit cards for monthly subscription or service dues (think something as simple as paying your electric bill with your credit card) and when I asked them what level merchant they were, I was shocked to have them tell me they were at the top end of the Level 3 bracket! While I do not advocate focusing your PCI DSS efforts based only on your validation requirements, it is interesting to consider what...


Visa Allows Non-US EMV Merchants to forego PCI Assessments

Interesting note from Visa yesterday. They have given non-US merchants an escape hatch (Visa Europe’s version is here and differs from the Visa Inc. version in several ways) for validating PCI DSS compliance annually if they meet four specific requirements: The merchant must have validated PCI DSS compliance previously or have submitted to Visa (via their acquirer) a defined remediation plan for achieving...
