How to Determine Service Provider Level and Validation Requirements
MasterCard requires all Service Providers to be PCI Compliant. All Third Party Processors (TPPs) are considered Level 1 Service Providers. Data Storage Entities (DSEs) are categorized as Level 1 or Level 2 Service Providers based on annual MasterCard transaction volume.
Based on level, please review the Service Provider validation requirements and engage an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA) as necessary.
Once compliant, please submit a signed Attestation of Compliance (AOC); or for those SAQ eligible, please submit the SAQ D AOC and latest clean scan to MasterCard at firstname.lastname@example.org
Please note: As of October 1, 2010, MasterCard will only list those Service Providers that also are registered and approved as a MSP with the MasterCard Registration Program (MRP) and those that also have successfully completed an annual onsite assessment.