WebApp Sec mailing list archives

Re: MasterCard backs off Security, Leave Cardholders at Risk


From: fscwi () hotmail com
Date: 7 Jun 2006 13:58:22 -0000

This only applies to the requirements for PCI vulnerability scanning.  All applications involved with processing credit 
card transactions must still undergo a full-scale, in-depth web application test as defined in the PCI Security Audit 
Standard.  The difference is the web application security test standard states it must be done on an annual basis, and 
can be done by either an outside vendor or using internal staff.  Vulnerability scanning, on the other hand, must be done on 
a quarterly basis (for most merchants) by an outside service provider that has been evaluated and approved by 
MasterCard.
