Here is something I've been following for the past week or so, and I want to make sure you know about it. According to Branden Williams' blog, MasterCard has instituted a schedule of fines for Level 1-3 merchants who are not compliant. The fines are quarterly, they escalate, and they continue until you validate compliance:
-- Levels 1 & 2: $25K first quarter; $50K second quarter; $100K third quarter; $200K fourth quarter.
-- Level 3: $10K first quarter; $20K second quarter; $40K third quarter; $80K fourth quarter.
Add it up. If you are an L3 merchant and it takes you a year to get compliant, you might need to add about $80K to your budget for the fines.
There is more here and here.
Most of you may remember Visa's Compliance Acceleration Program, which was a set of financial incentives and penalties to get L1-3 merchants compliant. Now MasterCard has joined the act in a big way.
I can't find anything at MasterCard's SDP site. I understand that the details went out in a letter to acquirers. So I recommend that you follow up with your acquirer and see if this new policy affects your school.
Meanwhile, I'll be monitoring developments and will pass along what I learn.
I have tried to get some data on what the sanctions are for the cards and the only information that comes up comes from vendors and other 3rd/4th party references.
Does anyone - ANYONE have a direct reference on what failing to be compliant and cost of breach fees from the card providers are?
BTW SHAME ON THE PCI COUNCIL FOR NOT PUTTING THIS ON THEIR WEBSITE. EVERY CARD COMPANY IS REPRESENTED IN THE COUNCIL. THERE IS NO EXCUSE TO SEND MERCHANTS TO THE WEB AND VENDORS FOR THEIR RISK ASSESSMENT. At least Amex is clear about theirs...