On June 15, 2009 MasterCard International introduced several changes to their Site Data Protection (SDP)program.  Among these changes was a new requirement for Level 2 Merchants to undergo an on-site assessment by a Qualified Security Assessor in order to validate their PCI DSS compliance.  The initial deadline for these validations is December 31, 2010.

MasterCard has posted a change to their Site Data Protection program that requires Level 2 merchants to use a QSA and an on-site assessment. This is a dramatic change from the current, industry wide requirement of self-assessing for merchants processing less than six million transactions annually.

While this is definitely going to put a dent in Level 2 merchant budgets from this point on, there have been a number of breeches involving larger merchants and creating higher risk for the card brands. This is not an unexpected move by MasterCard and so far none of the other card brands have changed their status. It’s unclear if others will follow suit, but regardless, if you are defined as a Level 2 merchant with ANY card brand, you are automatically a Level 2 with MasterCard, and are now required to have an on-site assessment.

Previously, Level 2 Merchants were required to submit an Annual Self-Assessment Questionnaire and undergo Quarterly Network Scans by an Approved Scan Vendor (ASV).





8 Reasons It’s Time To Change Your IT Provider

your guide to understanding why it may be time to change IT providers.


Exclusive details include:


 - Recurring Issues
 - Slow Response Times
 - Constant Up-selling
 - Forcing pre-payments
 - Lack of Transparency
 - Blaming and Finger Pointing
 - Lack of Flexibility
 - Lock In

Thank you for your interest.  We'd love the opportunity to help you find the best payment processing plan for your business. We look forward to talking with you.

Currently Processing Credit Cards?

Please complete this form to have a specialist contact you.

We’d love to chat.

Looking to

Start a Project?

Scroll to Top