Service Provider Levels Defined

As a Service Provider, it is important to understand how you are defined in the MasterCard SDP Program. This level of understanding will help define the compliance steps that you are required to complete.

The matrix below identifies Service Provider Levels, how they are defined, and the required validation procedures by Level.

Service Provider Definition

Criteria

Requirement

Level 1
  • All TPPs
  •  All DSE’s that store, transmit, or process greater than 1,000,000 total combined MasterCard and Maestro transactions annually                     
  • Annual Onsite review performed by a Qualified Security Assessor (QSA)
  •  Quarterly scan by an Approved Scanning Vendor (ASV)                     

Level 2
  • Includes all DSE’s that store, transmit, or process less than 1,000,000 total combined MasterCard and Maestro transactions annually                      
  • Annual Self-Assessment Questionnaire (SAQ)
  •  Quarterly scan by an Approved Scanning Vendor (ASV)                     


1 To fulfill the onsite review requirement, Service Providers must use a Qualified Security Assessor. Click here to find a Qualified Security Assessor.


2To fulfill the network scanning requirement, all Service Providers must conduct scans on a quarterly basis using an Approved Scanning Vendor.

Click here to find an Approved Scanning Vendor

[an error occurred while processing this directive]