Comments on: Level 2 merchants are going to have to get serious about PCI http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/ The views of one man on security, privacy and anything else that catches his attention. The views expressed on this blog do not reflect the views of my employer or anyone other than myself. Thu, 02 Feb 2012 21:45:54 +0000 hourly 1 http://wordpress.org/?v= By: Martin http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/comment-page-1/#comment-4835 Martin Wed, 24 Jun 2009 21:24:06 +0000 http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/#comment-4835 David, I wish that this had been discussed with the industry as a whole before MC had gone through with it, but I see it as a good thing regardless. I'd heard rumors earlier this year that this was something that was being contemplated, but so far everyone I've talked to said the move caught them by surprise. Martin David,

I wish that this had been discussed with the industry as a whole before MC had gone through with it, but I see it as a good thing regardless. I’d heard rumors earlier this year that this was something that was being contemplated, but so far everyone I’ve talked to said the move caught them by surprise.

Martin

]]> By: Dave Whitelegg http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/comment-page-1/#comment-4833 Dave Whitelegg Wed, 24 Jun 2009 11:32:36 +0000 http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/#comment-4833 I was speaking with some of the senior folk at Visa Europe about this recently, it is fair to say they were rather surprised by this move by MasterCard, and said Visa had no plans to follow suit in requiring level 2 merchants to under go an inaugural onsite assessment by a QSA. The cards schemes can set their own criteria in regards to PCI DSS assessment requirements; however I personally don’t think it is good for the PCI standard to have disjointed assessment requirements. I appreciate the competition laws, but for me PCI's main strength is it is an industry agreed and accepted standard, so I am hoping this doesn’t lead to further fractures and disjointed messaging. I was speaking with some of the senior folk at Visa Europe about this recently, it is fair to say they were rather surprised by this move by MasterCard, and said Visa had no plans to follow suit in requiring level 2 merchants to under go an inaugural onsite assessment by a QSA.

The cards schemes can set their own criteria in regards to PCI DSS assessment requirements; however I personally don’t think it is good for the PCI standard to have disjointed assessment requirements.

I appreciate the competition laws, but for me PCI’s main strength is it is an industry agreed and accepted standard, so I am hoping this doesn’t lead to further fractures and disjointed messaging.

]]> By: Network Security Blog » Saturday morning reading for 06/20/09 http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/comment-page-1/#comment-4822 Network Security Blog » Saturday morning reading for 06/20/09 Sat, 20 Jun 2009 14:32:37 +0000 http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/#comment-4822 [...] off, I have a cluster of stories on PCI.  MasterCard stunned a lot of us this week by changing the requirements for Level 2 merchant, making it mandatory for them to have an annual [...] [...] off, I have a cluster of stories on PCI.  MasterCard stunned a lot of us this week by changing the requirements for Level 2 merchant, making it mandatory for them to have an annual [...]

]]> By: Interesting Information Security Bits for 06/18/2009 | Infosec Ramblings http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/comment-page-1/#comment-4819 Interesting Information Security Bits for 06/18/2009 | Infosec Ramblings Thu, 18 Jun 2009 20:42:38 +0000 http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/#comment-4819 [...] Martin says, Level 2 merchants are now faced with a little bit higher bar to get over. Network Security Blog >> Level 2 merchants are going to have to get serious about PCI Tags: ( pci [...] [...] Martin says, Level 2 merchants are now faced with a little bit higher bar to get over. Network Security Blog >> Level 2 merchants are going to have to get serious about PCI Tags: ( pci [...]

]]> By: Chaordic Mind » MasterCard change for L2 merchants increases the market for QSAs by 2-4x http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/comment-page-1/#comment-4810 Chaordic Mind » MasterCard change for L2 merchants increases the market for QSAs by 2-4x Thu, 18 Jun 2009 06:12:57 +0000 http://www.mckeay.net/2009/06/17/level-2-merchants-are-going-to-have-to-get-serious-about-pci/#comment-4810 [...] actually more concerned about the currently overworked assessors having their workload added to.  Martin McKeay notes the following: “I’m hoping that the quality of the assessors doesn’t fall because of the huge influx of [...] [...] actually more concerned about the currently overworked assessors having their workload added to.  Martin McKeay notes the following: “I’m hoping that the quality of the assessors doesn’t fall because of the huge influx of [...]

]]>