
David vs Goliath


Miklo

8:03 am on Aug 31, 2005 (gmt 0)

10+ Year Member



MasterCard announced drastic increases in penalties for Non-Compliance and has directed companies to focus on the implementation of and compliance with security requirements.
In addition to this, the current penalty structure, based on the length of non-compliance, has been replaced with penalties based on the PCI level of the merchant or TPP.

The new penalty structure:
Level 1 merchants, TPPs and DSEs: Up to 100.000 and USD 10.000 per day after 60 days, not to exceed 500.000

Level 2 merchants, TPPs and DSEs: Up to 50.000 and USD 10.000 per day after 60 days, not to exceed 500.000

Level 3 merchants, TPPs and DSEs: Up to 25.000 and USD 10.000 per day after 60 days, not to exceed 500.000

Who do they think they are? This really is a David vs Goliath story, although I can't see David winning this one. I am planning to give up right now, MasterCard is AGAIN changing their rules & regulations just to force us to be in compliance. I hate that company!

Easy_Coder

9:06 pm on Aug 31, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That explains why my host got fully PCI compliant last week... thanks.

Mall23

6:56 am on Sep 2, 2005 (gmt 0)

10+ Year Member



PCI compliance isn't too tough. Mine was free and it took about an hour to fill out the form.

philbish

8:05 am on Sep 2, 2005 (gmt 0)

10+ Year Member



What is:

PCI?
TPP?
DSE?

Miklo

9:51 am on Sep 6, 2005 (gmt 0)

10+ Year Member



PCI = Payment Card Industry
TPP = Third Party Processor
DSE = Good question ;)

Miklo

1:16 pm on Sep 7, 2005 (gmt 0)

10+ Year Member



Mall23 stated:
'PCI compliance isn't too tough. Mine was free and it took about an hour to fill out the form.'

I don't think you have had a full PCI compliance, I think you have only registered your sales volume and number of orders per month.

A full PCI costs around 10,000 USD for 3PP companies. All merchants who have many sales and have their own direct merchant account with their own secure server have to be PCI compliant.

ecommerceprofit

3:51 pm on Sep 7, 2005 (gmt 0)

10+ Year Member Top Contributors Of The Month



From usa.visa.com:

Level 4 is fewer than 20,000 visa e-commerce transactions per year. Level 3 is 20,000 to 150,000 visa e-commerce transactions per year.

So these are just Visa transactions? If so, then many of us don't need to be in compliance? Or does MasterCard have a different policy (Visa and MasterCard transactions counted rather than just MasterCard transactions)? Their web site is completely useless in describing what the minimum is...

BTW, our servers are quite secure and I keep security at the top of my list - I just think this compliance thing is totally stupid - the credit card cos. have ways of securing data but are slowwww to make things happen.

Mall23

5:35 pm on Sep 7, 2005 (gmt 0)

10+ Year Member



Miklo, you may be correct. I did it through xyz company and it was free. So maybe they gave me the "watered-down" version.

I'll have to double check and post my findings.

BananaFish

4:23 am on Sep 8, 2005 (gmt 0)

10+ Year Member



MasterCard and Visa simply want to bleed all the money out of merchants that they possibly can. They are not really concerned with fraud, it's just a dog and pony show. Call them up next time you have a fraudulent or questionable order, and see how "helpful" they are.

Miklo

12:23 pm on Sep 8, 2005 (gmt 0)

10+ Year Member



Well, normal merchants with a direct merchant account just have to register with one of the official security assessors. Depending on the number of transactions there may be other requirements, but if you are below 20,000 transactions (both Visa and MasterCard), I don't think there is anything else you need to do.

Although many companies do consider security issues in their normal activities, the audits of these security assessors are very strict and they will find every hole.

The good thing about this is that the small and (maybe) fraud sensitive 3PP will disappear. The bad thing might be that they will also rule out 3PP who are on a small budget and just can't afford to have all those security issues installed.

I guess only time can tell.