Tags Archives: MasterCard

MasterCard Releases Mobile POS Best Practices

Mobile POS is becoming a hotter topic as more vendors create hardware designed to leverage smartphones and tablets. To this end, MasterCard released a fantastic document detailing the Best Practices for Mobile Point of Sale. I have written before about how to make a mobile payment application comply with PCI DSS, and this document really goes into the details of the payment stream and the acceptance types, and goes into great detail on the challenges and solutions for mobile payment acceptance. This document isn’t just for people who are considering mobile payment acceptance; every merchant should read this, as someone in your organization is already thinking along these lines (and maybe even piloting equipment). This is a key reference for me and I ...


A Conversation with MasterCard

And finally, my conversation with John Verdeschi, Senior Business Leader, Payment Systems Integrity will wrap up my interviews and posts from the PCI Community Meeting that happened two weeks ago in Scottsdale, AZ. MasterCard is widely known as a major influence in the payment industry and is the number two player in the market behind Visa. If you have ever had to hire an Approved Scan Vendor (ASV) or filled out a Self-Assessment Questionnaire (SAQ), you can thank MasterCard as both of those items are largely distilled from their Site Data Protection (SDP) program. One of the first things that I had to ask about was how MasterCard’s new PCI DSS Risk-Based Approach framework compared to Visa’s Technology Innovation Program ...


MasterCard Service Provider Registration Explained

MasterCard released (or re-released) a guide on how to become a registered and approved Member Service Provider (MSP) as a requirement to be listed as a compliant MasterCard Service Provider. The PDF linked above has a detailed process for completing this, including two major tasks spread out over several days. The first step is to apply for and receive your user ID under the MasterCard Registration Program. After you complete the six-step process outlined in the PDF, you take a week's vacation (or just wait five to seven business days). Once you get your ID, just run through the second set of five steps (though that last one is a doozy) and take another short vacation (or again, wait ...


Level 2 Merchants, Are Your Folks Trained?

Is anyone thinking about June 30, 2011 yet?  If you are a Level 1 or Level 2 merchant, you certainly should be!  Here’s why: MasterCard had a rough time last year. They made some new rules, they changed the rules, and then they removed many of those rules.  This year, they worked out the kinks (arguably something they should have done before the first announcement) and have a revised set of requirements. Remember us talking about reciprocity last year? From the excellent post by Chris Mark on the end of the Level 4 Merchant to the retraction and strange website posts and commentary by MasterCard, reciprocity was a hotly debated issue.  As of this writing, the reciprocity on MasterCard’s website ...


PCI SSC Launches Internal Security Assessor Program

The PCI Security Standards Council announced on Friday the creation of the Internal Security Assessor (ISA) program.  If you recall, we had some fun with MasterCard last year when they floated and then retracted some changes in their SDP program.  The one change that stuck will be causing a small subset of Level 1 merchants pain—the inability to self-assess. If you recall, Level 1 merchants have always been able to self assess IF they have a C-Level executive sign off on it. Self-assessing sounds attractive until that last part.  While the vast majority of Level 1 merchants choose to use a QSA, there are a few that have been self assessing for years.  In fact, one colleague in particular discussed ...


MasterCard’s Got Its Flippy-Floppies

The PCI DSS world was shocked yet again this week when MasterCard backed off its position from earlier this year requiring Level 2 merchants to obtain validation from a QSA, and is publicly aligning its levels directly with Visa—including setting reciprocity with their levels.  The reason I put “publicly” in there is because the merchant operating regulations are NOT public for MasterCard like they are with Visa, but I understand that level reciprocity remains in those regulations even though it was removed from the public-facing information. This is why merchants and service providers alike don’t take deadlines seriously.  Visa has (in the US anyway) at least tried (and mostly succeeded) to stick by their deadlines, though I’m not sure ...


MasterCard/Visa Remove Reciprocity

Thanks to a fellow reader for pointing this out!  It appears that MasterCard and Visa (sorta) have removed the reciprocity statements from their level definitions.  Discover still has the reciprocity statement on their levels, American Express and JCB never used reciprocity for their level definitions (to my best recollection). Several industry insiders have been told that it was never the intent of MasterCard to force a merchant that accepts a single JCB card to go through an on-site assessment if they did not meet the MasterCard threshold.  Now it appears that this is the case as the official merchant level definitions reflect exactly this. Unfortunately, the road does not end there.  In fact, it starts forking like crazy. Now that ...


MasterCard Clarifies their Position

FINALLY!  An official statement from MasterCard!  Last night, MasterCard posted a four page FAQ on their website to help us deal with the onslaught of buzz that came from their original posting.  Some of it anecdotal and humorous (albeit literally true), some of it from this very blog. Here’s the meat of what you need to know: Level 1 merchants that engaged an internal audit team before 15 June 2009 must  validate compliance with a QSA by December 31, 2010. Level 2 merchants must ALSO validate compliance with a QSA by December 31, 2010. Internal assessments MAY NOT be performed.  The way that MasterCard words this, it appears to be a punt over to the Council.  If the Council would ...


MasterCard to Fine Merchants for Non Compliance

OK, SOMEONE out there has some explaining to do. Like, right now.  Who poked MasterCard hard enough to wake them from hibernation? When it comes to actions against merchants, MasterCard has typically been much quieter than Visa.   We’ve had several customers come to us with new fines from MasterCard that will begin sometime in the next 18-21 months beginning NOW. Why the ambiguity?  None of our customers seem to have a date when the fines start!  This is a huge assumption here, but I will suggest that the fines would start after the 2010 deadlines for Level 1 & 2 merchants. Revisiting those deadlines, Level 1 & 2 merchants must produce a Report on Compliance from a QSA by December ...

