Uncategorized

MasterCard Site Data Protection Program

by

July 31, 2023

It’s vital you have the information you need to stay compliant when you’re processing credit card payments.

Part of this is ensuring you meet the requirements of the various credit card issuers like Visa, AMEX, and Mastercard. In this article we’ll be exploring credit cards issued by Mastercard and governed by the Mastercard Site Data Protection (SDP) Program.


What is the Mastercard SDP?

Just like other card providers, a large part of Mastercard’s requirements is making sure you’re complying with all aspects of PCI DSS — A set of guidelines and regulations on taking payment, securing information, and protecting your systems. If you’re not already familiar with it, be sure to check out our article on PCI compliance.

Mastercard’s SDP program is comprised of various rules, best practices, and compliance tools to ensure compliance with PCI. Mastercard states that the program is intended to help customers, businesses, and providers protect against data breaches, enhances consumer confidence, and helps protect the integrity of the card payment ecosystem.

But what does it actually mean for you?

Once you’ve ensured that you’re meeting PCI DSS standards, you’ll need to make sure you’re compliant with Mastercard’s Site Data Protection program. In this article, we’ll break it down into easily understandable steps.

Find Out What “Level” You Are

Mastercard decides what you need to do based on the “level” it assigns to your business, called the “merchant level.” Levels run from 1 (highest) to 4 (lowest). The higher your level, the more you’ll need to do for the SDP. Mastercard levels may overlap with Visa levels, but be sure to check all the requirements. Here are the factors to help decide what level you are.

Level 1 Merchants

You are a level 1 merchant if one or more of the following are true:

  • Credit card or account data you hold has been hacked, attacked, or compromised.
  • You’ve processed more than six million Maestro and Mastercard transactions in the last year.
  • Visa has determined you are a level 1 merchant. (Check your Visa level.)
  • Mastercard assigns you the status of level 1 merchant.

Level 2 Merchants

You are a level 2 merchant if one or more of the following are true:

  • You’ve processed more than one million but fewer than six million Maestro and Mastercard transactions in the last year.
  • Visa has determined you are a level 2 merchant.

Level 3 Merchants

You are a level 3 merchant if one or more of the following are true:

  • You’ve processed more than 20,000 but fewer than one million Maestro and Mastercard ecommerce transactions in the last year.
  • Visa has determined you are a level 3 merchant.

Level 4 Merchants

If you don’t meet any of the criteria above, you’re considered a level 4 merchant.

While we’ve provided these level outlines as a guide, Mastercard has stated that deciding your merchant level can raise questions. They recommend you contact your bank and ask for assistance.

Here’s what Mastercard needs you to do, based on your merchant level. Links below the chart also provide more information on each requirement.

MasterCard SDP levels

Qualified Security Assessor

PCI Self-Assessment
Approved Scan Vendor

Once you know what you need to do for the Mastercard Site Data Protection Program, you’ll need to contact an approved vendor to carry out the requirements and go through the validation process. Then, after you’re verified as compliant, let your bank know and they will confirm your compliance to Mastercard.

Useful Resources and Further Information

TwitterFacebookLinkedIn
Ben Dwyer

BY Ben Dwyer

Ben Dwyer began his career in the processing industry in 2003 on the sales floor for a Connecticut‐based processor. As he learned more about the inner‐workings of the industry, rampant unethical practices, and lack of assistance available to businesses, he cut ties with his employer and started a blog where he could post accurate information about credit card processing. As the blog gained in popularity, Ben began directly assisting merchants in their search for a processor. Ben believes in empowering businesses by providing access to fair, competitive pricing, accurate information, and continued support. His dedication to transparency and education has made CardFellow a staunch small business advocate in the credit card processing industry.

Please join the conversation

Your email address will not be published.

FOUND THIS USEFUL? SHARE THIS!
 

Credit Card Processing exposed

Use the secrets that credit card processors don't want
you to know to drastically lower your credit card
processing fees.

Read Now!
 

You might also like…

American Express Data Security Operating Policy
Visa-Cardholder-Information-Security-Program

View all articles