MasterCard Site Data Protection


Programme For Merchants

The MasterCard Site Data Protection Programme is designed to help issuers, acquirers, retailers and Service Providers—Third Party Processors (TPPs) and Data Storage Entities (DSEs)—proactively to protect themselves and the overall payment system against the threat of compromises. MasterCard Site Data Protection identifies vulnerabilities in security and Web site configurations. A key focus of the programme is to help acquirers ensure that retailers and payment transaction providers store MasterCard account data in accordance with the Payment Card Industry Data Security Standard (PCI Data Security Standard).

Since the goal of the MasterCard Site Data Protection Programme is to comply with the PCI Data Security Standard, merchants and service providers must demonstrate this compliance to their respective acquirer(s) using the following tools:
  • Onsite Reviews
  • Security Self-assessments
  • Security Scans

Retailers are a central focus of the MasterCard Site Data Protection Program. These businesses typically have access to and may sometimes store MasterCard account data. MasterCard Site Data Protection is designed to ensure that only necessary data is stored, and that it is stored in accordance with the appropriate security standards.

Retailers that store, process or transmit MasterCard account data are required to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI Data Security Standard). For a retailer to be considered compliant, all Service Providers that store, process or transmit MasterCard account data on behalf of the merchant must also be compliant.

Merchant Levels Defined Merchant Requirements Compliance Considerations