|
|
|
|
|
|
|
As a merchant, it is important for you to understand how the MasterCard Site Data Protection Programme classifies your business. This classification will determine the procedures that you are required to follow.
The matrix below identifies the four MasterCard Site Data Protection Merchant Levels and the required validation procedures and compliance dates for each Merchant Level.
| Merchant Defnition |
Criteria |
On-site Review |
Self-Assessment |
Network Security Scan |
Compliance Date |
| Level 1 |
- All merchants, including electronic commerce merchants, with more than six million total MasterCard transactions annually
- All merchants having experienced an account compromise
- All merchants meeting or exceeding the Level 1 criteria of a competing payment brand
- Any merchant that MasterCard, at its sole discretion, determines should meet the Level 1 merchant requirements
|
Required Annually1 |
Not Required |
Required Quarterly2 |
30 June 2005 |
| Level 2 |
- All merchants with annual MasterCard e-commerce
transactions between 150,000 and 6 million
- All merchants meeting or exceeding the Level 2 criteria of a
competing payment brand
|
Not required |
Required Annually |
Required Quarterly2 |
30 June 2004 |
| Level 3 |
- All merchants with annual MasterCard e-commerce transactions between 20,000 and 150,000
- All merchants meeting or exceeding the Level 3 criteria of a competing payment brand
|
Not Required |
Required Annually |
Required Quarterly2 |
30 June 2005 |
| Level 4 |
|
Not Required |
Recommended Annually |
Recommended Annually |
Not applicable |
|
|
1 For Level 1 merchants, the annual on-site review may be conducted by either the merchant’s internal auditor or a qualified on-site security assessor.
2 To fulfil the network scanning requirement, all Level 1, 2 and 3 merchants must conduct scans on a quarterly basis using a trusted scanning vendor.
|
|
|
|
|
|
|
