Once you understand how the MasterCard Site Data Protection Programme classifies your business, MasterCard recommends that you familiarise yourself with the following Payment Card Industry (PCI) documents:
- Audit Procedures and Reporting
- Security Scanning Procedures
- Self-Assessment Questionnaire
- Security Standard
Achieving MasterCard Site Data Protection compliance makes you compliant with the PCI Data Security Standard.
Retailers will need to follow validation procedures to achieve compliance with the PCI Data Security Standard:
- Onsite reviews
- Network Security Scanning: These are automated, non-intrusive web scans performed by MasterCard Site Data Protection-compliant vendors to evaluate your web perimeter for any known vulnerabilities.
Here is a summary of the compliance process for merchants:
- Identify the MasterCard Site Data Protection classification for your business.
- Review the PCI documentation, validation tools and procedures.
- Engage one of the identified vendors, as appropriate, and follow the validation procedures.
- Share your completed compliance materials with your acquirer. Once you successfully demonstrate compliance, your acquirer will register your business with MasterCard on an annual basis as compliant with the PCI standard.