FEBRUARY 2, 2010, HOUSTON -- In December 2009, MasterCard relaxed its earlier position requiring Level 1 and 2 credit card merchants (those that process >6 million and 1-6 million transactions per year, respectively) to use independent third-party Qualified Security Assessors (QSA) to perform mandatory on-site Payment Card Industry (PCI) assessments each year. Originally, the third-party on-site QSA assessments were to be conducted by December 31, 2010. In response to industry feedback, MasterCard replaced the 12/31/2010 rules with criteria similar to its original requirements and consistent with Visa’s current requirements.
Under MasterCard’s new rules, Level 1 merchants have the choice of utilizing a QSA or members of their internal auditor staff to perform the mandatory annual on-site PCI Data Security Standard (DSS) assessment. The only change for Level 1 merchants will be that primary internal auditor staff engaged in validating PCI DSS compliance must attend merchant training programs offered by the PCI Security Standards Council (SSC) and pass any associated PCI SSC accreditation program each year.
Also, Level 2 merchants are no longer required to conduct an annual on-site assessment, but they may do so at their own discretion. Level 2 merchants may choose to complete an annual self-assessment questionnaire (SAQ) and ensure that their internal staff conducting it attend PCI SSC-offered merchant training programs and pass any associated PCI SSC accreditation program each year. As an alternative, Level 2 merchants have the option to complete an annual on-site assessment conducted by a PCI SSC-approved QSA rather than complete their own SAQ each year.
Although Level 1 merchants may return to conducting their own on-site assessments using their own internal audit resources, some may still choose to employ the services of a third-party QSA to provide fresh insights and independent perspectives on meeting the extensive requirements of the PCI DSS. Additionally, many Level 1 and 2 merchants are conducting PCI Readiness Assessments to obtain expert, up-front guidance on their efforts to prepare for and achieve compliance.
Accudata Systems is a PCI SSC-certified QSA firm that has extensive experience performing the on-site assessments required by the card brands and has used this experience to build a phase-based PCI remediation approach to position its clients for success. Accudata Systems has numerous QSA resources and consultants with payment card security experience dating back to the inception of the Visa Cardholder Information Security Program in 2000.
In addition to performing annual QSA on-site assessments, Accudata Systems offers PCI readiness consulting, PCI architecture and scope consulting, and PCI remediation services. To find out more, please call Accudata Systems at 800-246-4908 or e-mail us at info@accudatasystems.com.
About Accudata Systems, Inc.
Accudata Systems is an IT consulting and integration firm with more than twenty-eight years of experience providing high impact IT services and integrated solutions. With focused competencies in Enterprise Platforms, Security, Infrastructure, Assessments & Compliance, Unified Communications, and Managed Services, Accudata Systems provides a full array of services ranging from technology assessments to project deployment and support. As trusted advisors to our clients, we assist them in creating and supporting a computing environment that maximizes their investment in information technology. Accudata Systems is headquartered in Houston, Texas and has offices in Dallas, Austin, San Antonio and Los Angeles. Get more information at www.accudatasystems.com.