MasterCard Revises L2 Validation Requirements

If your school has any Level 2 merchants, you might benefit from changes in MasterCard’s merchant level definitions (see here). If you have a Level 2 merchant for Visa, they are also L2 for MasterCard. Under MasterCard's rules introduced this summer, L2s will need to complete an onsite assessment by a QSA. The original deadline was December 31, 2010.As of yesterday, the new effective date is June 30, 2011. MasterCard is allowing 6 more months for Level 2 merchants and their processors to make the transition. There's more.The original requirement was for a QSA to prepare a Report on Compliance (ROC), but that, too, has been modified to give you an option of using your Internal Audit staff provided:“hat primary internal auditor staff engaged in validating PCI DSS compliance attend PCI SSC-offered merchant training programs and pass any PCI SSC associated accreditation program annually in order to continue to use internal auditors.” This means that while Level 2 merchants need an onsite assessment, they have the of using their Council-trained internal audit staff to conduct their onsite assessment if they choose. (continue reading...)