Mastercard® Updates for SDP Program

PCI compliance is an ongoing process for all parties involved — merchants, processors, card issuers and financial institutions. So it's important  

Main Content

Mastercard Updates for SDP Program

May 31, 2017

Mastercard® Updates for SDP Program

PCI compliance is an ongoing process for all parties involved — merchants, processors, card issuers and financial institutions. So it's important to stay on top of the latest developments that help to keep payment processing safe from data breach and thieves.

Just recently Mastercard® announced revisions to its Site Data Protection (SDP) Program Standards to enhance merchant and service provider data security and align with payments industry requirements and trends. The updates are summarized below:

  • PCI DSS Risk-based Approach qualification criteria: Level 1 and Level 2 merchants located outside of the U.S. region may qualify as compliant with the Mastercard PCI DSS Risk-based Approach by validating compliance with the first two of six total milestones of the PCI DSS Prioritized Approach instead of the first four milestones.
  • PCI DSS DESV appendix compliance recommendation for L1 and L2 service providers: Mastercard recommends that Level 1 and Level 2 service providers demonstrate to Mastercard their compliance with the Designated Entities Supplemental Validation (DESV) appendix of the PCI DSS.
  • PCI DSS compliance validation alternative option for L3 and L4 merchants: Level 3 and Level 4 merchants may alternatively, at their own discretion, engage a PCI SSC-approved Qualified Security Assessor (QSA) instead of performing a self-assessment.
  • PCI SSC QIR engagement recommendation for merchants: Mastercard recommends that a merchant (regardless of level) use a Qualified Integrator & Reseller (QIR) listed on the PCI SSC website to implement a payment application compliant with the PCI Payment Application DSS (PCI PA-DSS).

Mastercard will incorporate the revised standards into a future edition of the Security Rules and Procedures Manual – Chapter 10.3. The manual is available on Mastercard Connect™ under Publications. To learn more about why Mastercard has made these changes, download the Site Data Protection (SDP) Program – Frequently Asked Questions document.

Contact Us
About Our
Merchant Services

Get Started Now:

After you have submitted your information, a TSYS representative will contact you within the next 24 hours.
All fields are required to submit form. Your information is private and secure. We do not accept adult businesses