So it appears MasterCard took a quiet U-turn over the festive break and dropped the requirement for an onsite QSA audit for level 2 merchants for July 2010: http://www.mastercard.com/us/sdp/merchants/merchant_levels.html A more sensible date of 30 June 2011 is listed, along with the footnote that Merchants can use their own staff as long as they have […]

I get asked this a lot, but default MD5 and SHA-1 hashing algorithms should not be acceptable means to render cardnumbers unreadable in the eyes of a security professional, or QSA. Although the hashing algorithm itself is secure, any information that has been hashed using MD5 or SHA-1 is now easily retrievable through the use