Once you understand how your company is defined in the SDP Program, you need to familiarize yourself with the applicable Payment Card Industry (PCI) documents. These documents include the PCI Audit Procedures and Reporting, the PCI Data Security Scanning Procedures, the PCI Self Assessment Questionnaire and the PCI Data Security Standard.

Achieving PCI compliance means that you have met the technical requirements of the PCI Data Security Standard. SDP compliance requires the additional steps of compliance validation with your acquirer and for your acquirer to register you on an annual basis with MasterCard.

PCI Compliance

Click here for the PCI Data Security Standard

There are compliance validation tools you will need to utilize to successfully fulfill the technical requirements of the PCI Data Security Standard.

• Onsite Assessments
  • PCI Security Audit Procedures
  • Qualified Security Assessors
• Self assessment questionnaire
• Network Security Scanning: these are automated, non-intrusive web scans performed by SDP compliant vendors. The scans evaluate your web perimeter for any known vulnerabilities.
• PCI Security Scanning Procedures
• Approved Scanning Vendors

SDP Compliance

Compliance for Merchants can be seen as a 4 step process:

1. Identify the level classification in the SDP Program.
2. Review the PCI documentation and compliance validation tools.
3. Engage an approved vendor, as appropriate, and follow the compliance procedures.
4. Once you have successfully validated compliance with your acquirer, your acquirer will register you with MasterCard on an annual basis. It is this registration that formally signifies compliance with the SDP Program mandate.