Comments on: MasterCard Gets PCI Tough With Level 2 Retailers?

By: Josh

Josh — Mon, 22 Jun 2009 19:48:23 +0000

Do we have any confirmation that Amex Level 2 (50k transactions) is -not- cause to be considered Level 2 for MasterCard?

I can’t imagine this would be true, but I need confirmation.

Thanks in advance!

By: Evan Schuman

Evan Schuman — Mon, 22 Jun 2009 00:46:34 +0000

Editor’s Note: Leslie’s note is valid. Like every other publication, we struggle with how much we assume our particular audience knows. If we spell out too much, the audience gets offended and concludes that we don’t know that space. (Example: If The Washington Post defined what a U.S. Senator is for a story about the status of a particular piece of Senate legislation. Such an explanation could easily alienate its audience.)
We often ask readers and update our style policy as times change. There was a time when we felt the need to spell out what PCI was, but we no longer feel that way, at least for our core audience.
To your comment, we made the assumption that the subset of our readers who would have an interest in reading a piece about MasterCard changing its policies regarding PCI requirements …. we concluded that that particular subset of our audience would know what a Level 2 merchant meant.
That said, it probably wouldn’t have hurt to thrown in a standard description at the end, defining each PCI Level, at least from MasterCard’s perspective.

By: Leslie Barrett

Leslie Barrett — Sun, 21 Jun 2009 22:50:05 +0000

Hi,

You forgot to mention that a MasterCard Tier 2 Merchant is clasified as having transaction volumes FROM 1 million up to 6 million per annum.

Your article sounds like every merchant is a tier 2.

Regards,

Leslie Barrett

By: John B. Frank

John B. Frank — Sat, 20 Jun 2009 16:20:10 +0000

According to the Society of Payment Security Professionals forum:

“Merchant level is defined by each brand (remember, the PCI Council owns the standards, but each brand enforces them). For example, while MC and Visa are aligned, Amex has only 3 merchant levels.

The key is to look at transaction count by brand. A common mistake I see is for merchants to total all their card transactions then look up their merchant level. Instead, read the requirements carefully: Visa only deals with Visa; MC with MC; Amex with Amex. Therefore I may have 10 million card trans per year, but if it is made up of 5 million Visa, 3 million M/C, and 2 million Amex, I’d be a Level 2 merchant.

The key is look at transactions by brand.

By: Branden Williams

Branden Williams — Fri, 19 Jun 2009 02:48:29 +0000

Thanks for the kind words! One thing to remember (and I’ll post something about this tomorrow), most card brands have reciprocity with other brands when it comes to determining levels. Thus, ALL Level 2 merchants, regardless of brand (because if you are a Level 2 with Visa, you are a level 2 with most, including MasterCard) will now be subject to this new requirement.

By: Da Juicer

Da Juicer — Thu, 18 Jun 2009 16:41:53 +0000

Trust me, QSACs make a killing at on site assessments. They pound up the hours and bill the snot out of the merchant. The problem is there aren’t enough on site assessments to keep the legion of QSACs/QSAs busy year round.

My money says, the smart L2 merchants will drop MC in favor of cash, VISA/Amex/Discover/JCB and tell MasterCard to suck rocks.