MasterCard Becomes The First Card Brand To Publish PCI Fines

[security curmudgeon <jericho () attrition org>]

http://www.storefrontbacktalk.com/securityfraud/mastercard-becomes-the-first-card-brand-to-publish-pci-fines/

MasterCard Becomes The First Card Brand To Publish PCI Fines
Written by Evan Schuman
August 6th, 2009

MasterCard has become the first card brand to publish its PCI fines and 
related requirements, a move that could be the latest signal that 
MasterCard wants to step out of the PCI shadow of its larger rival, Visa. 
The dollars themselves do not reflect a radical change, although they do 
include some healthy increases.

The noncompliance assessment structure now contains escalating assessments 
per violation within a calendar year, said the document sent to members 
earlier this summer. Maximum assessments for initial noncompliance for 
Level 2 and Level 3 merchants have increased to $25,000 and $10,000, 
respectively. Furthermore, the $500,000 annual aggregate maximum for 
acquirer noncompliance assessments related to program noncompliance has 
been discontinued.

As for those escalations, MasterCard has grouped Levels 1 and 2 together. 
The first violation for those groups is $25K, jumps to $50K for the second 
violation, $100K for the third violation and $200K for the fourth. Level 3 
retailers face first through fourth violation fines of $10K, $20K, $40K 
and $80K. Service providers that are ranked either Level 1 or Level 2 will 
see first through fourth violation fines of $25K, $50K, $100K and $200K.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php