Merchant Requirements

Once you understand how the MasterCard Site Data Protection Programme classifies your business, MasterCard recommends that you familiarise yourself with the following Payment Card Industry (PCI) documents:

  • Audit Procedures and Reporting
  • Security Scanning Procedures
  • Self-Assessment Questionnaire
  • Security Standard


Achieving MasterCard Site Data Protection compliance makes you compliant with the PCI Data Security Standard.

Download The PCI Data Security Standard (PDF)

Retailers will need to follow validation procedures to achieve compliance with the PCI Data Security Standard.


Here is a summary of the compliance process for merchants:
  1. Identify the MasterCard Site Data Protection classification for your business.
  2. Review the PCI documentation, validation tools and procedures.
  3. Engage one of the identified vendors, as appropriate, and follow the validation procedures.
  4. Share your completed compliance materials with your acquirer. Once you successfully demonstrate compliance, your acquirer will register your business with MasterCard on an annual basis as compliant with the PCI standard.