Service Provider Levels Defined

As a Service Provider, it is important to understand how you are defined in the MasterCard SDP Program. This level of understanding will help define the compliance steps that you are required to complete.

The matrix below identifies Service Provider Levels, how they are defined, and the required validation procedures by Level.

Service Provider Definition

Criteria

Requirement

Level 1

  • All TPPs
  •  All DSE’s that store, transmit, or process greater than 300,000 total combined MasterCard and Maestro transactions annually                     
  • Annual Onsite Assessment1
  •  Quarterly Network Scan2                     

Level 2

  • Includes all DSE’s that store, transmit, or process less than 300,000 total combined MasterCard and Maestro transactions annually                      
  • Annual Self-Assessment Questionnaire (SAQ)
  •  Quarterly Network Scan2                     


1 To fulfill the onsite review requirement, all Service Providers must use a PCI SSC Qualified Security Assessor. Click here to find a Qualified Security Assessor


2To fulfill the network scanning requirement, all Service Providers must conduct scans on a quarterly basis using an PCI SSC Approved Scanning Vendor.

Click here to find an Approved Scanning Vendor