Posted on August 19th, 2009
People don’t seem to “get” MasterCard. For most of the last 4 years, MasterCard has been criticized for their apparent willingness to let Visa play the “bad guy” who issues fines to acquiring banks (and, through them, to merchants), who extends the PCI standards to application vendors (through PABP, now PA-DSS) and who generally takes the heat for PCI. Now MasterCard is taking what can only be called a “get tough” policy, issuing larger fines and, most significantly, forcing both Level 1 and Level 2 merchants to use assessors rather than take on the task of self-assessment.
Follow this link:
MasterCard Vs. Visa: Dueling Compliance Philosophies
Posted on July 15th, 2009
Small business owners may be too ignorant to ever be PCI compliant. PCI Columnist David Taylor recently participated in a webinar, a live seminar and a survey all aimed at small business, and all part of separate efforts aimed at building awareness about the importance of PCI compliance to small to medium size enterprises (SMEs). In each case, the presenters were struggling, trying to figure out just how “basic” to be when explaining PCI compliance. Pretty darn basic, actually.
Continue reading here:
“What’s an Acquirer?” And Other Noteworthy SME Questions
Posted on July 14th, 2009
Following word of an “if breached, we’ll cover some of your costs” program from Heartland, fellow payment processor Mercury Payment Systems has launched its own program, one featuring $40,000 of reimbursement for any of its retail customers that are breached. Mercury officials stress that it’s far from a reaction to Heartland, as Mercury started its program in late June and Heartland is only promising it for later this year. The Mercury program is limited to retailers who “have successfully completed their SAQ and quarterly scans and remedied any highlighted issues,” said Kim Mackay, Mercury’s VP of marketing. “This is as much as 15K towards a 3rd party forensic audit and as much as 25K toward fees and fines.
Continue reading here:
Mercury Offers $40K Compensation For Its Breached Retailers
Posted on June 4th, 2009
Is it justifiable to implement a less secure technology if employees’ jobs are preserved in the process? GuestView PCI Columnist David Taylor has noticed a “protectionism” trend when it comes to the outsourcing of payment management for the purpose of reducing PCI compliance scope. “We’re talking about companies opting to store and manage more credit card and other confidential data than necessary, and we suspect protecting jobs in technology, compliance and finance is the main reason for this,” Taylor writes. “But is this necessarily bad?”
Rethinking Payment Security Outsourcing