MasterCard has withdrawn a requirement for Level 2 merchants to hire a PCI-approved auditor for an annual onsite data security assessment.

"The credit card company made waves this summer when it increased PCI compliance requirements for merchants processing between one million and six million transactions annually," writes Security Bytes' Marcia Savage. "The first assessment was due by Dec. 31, 2010, but PCI expert Branden Williams writes in his blog that MasterCard backed off on the requirement."

"Now, QSA-conducted onsite assessments are at the discretion of the Level 2 merchant," Savage writes. "Williams notes that the company also is aligning its merchant levels with Visa."

Click here to read the Security Bytes story.