June 24, 2009
News: MC Introduces New Security Process
MasterCard (MC) announced that it is changing a prime requirement for businesses that process between one million and six million debit and credit card transactions a year. MasterCard, one of the founding members of the Payment Card Industry Security Standards Council, says the change will require these organizations, categorized as level two companies, to retain a Qualified Security Assessor (QSA) for a third-party onsite security assessment. The move is part of an initiative to deter the growing problem of identity theft and credit card fraud plaguing the nation and the world. Previously, MC required merchants to manually complete a self-assessment of their security. Many of these reports are susceptible to error, and in some cases merchants fail to comply, leaving customers' credit card information at risk. MasterCard is the first in the industry to require the new security assessment, which is scheduled to go into effect December 31, 2010.
To date, the requirements set down by the PCI DSS standards for the protection and processing of credit card transactions are not law, but supporters believe they should be. Some states have been debating the subject and have faced great opposition. Nevada, however, has taken matters into its own hands by becoming the first state to mandate compliance with PCI DSS. According to the law, called Security of Personal Information, any organization doing business in Nevada must adhere to the current PCI DSS, as adopted by the PCI Security Standards Council, by the required deadlines. The Nevada law extends beyond businesses that process credit card transactions to include other organizations that may transmit personally identifiable information, mandating that companies transmit this data in an encrypted format.
Once again, MasterCard becomes a leader in the industry by implementing this new requirement. The process is expected to add expense for merchants; however, it provides a watchful eye over customers' personal information as well as the merchant's security network during the debit and credit card transaction procedure. Additionally, the QSA brings up-to-date information, whereas a company's compliance personnel generally lag in staying current.
