MasterCard Site Data Protection (SDP) Services


In 2003, MasterCard announced a stringent security program for its Acquirers and Merchants. The MasterCard Site Data Protection (SDP) program includes regular Network and Application security assessments, performed by a MasterCard SDP compliant vendor. Secure20 is a MasterCard SDP compliant security vendor, one of only twelve (12) in the world today.

MasterCard's vendor certification process is very thorough. The Secure20 certification scores were in the top percentile as compared to all vendors who participated in the testing process.

The SDP Program provides acquiring members with the ability to deploy a security compliance program. This ensures that an online merchant or an online Member Service Provider can be adequately protected against hacker intrusions and account data compromises.

The SDP Program includes the following elements:

The MasterCard Security Standard: a series of manuals providing security requirements and best practices for participating acquiring members, online merchants, Member Service Providers, and data security vendors.

Evaluation Tools: participants can demonstrate MasterCard Security Standard compliance by using the MasterCard Security Self-Assessment. With this tool, participants can self-evaluate their security posture.

Secure20 SDP Service: Secure20's MasterCard Site Data Protection Service is a proactive, cost-effective, and global solution. Our SDP Service includes compliance assessment and network and application vulnerability assessment services.


Why Comply?

According to MasterCard, if merchants apply the SDP requirements and guidelines properly and consistently, the security and procedural controls offer the following benefits: 

Consumers Want Security - Recent media reports of hacker incidents, stolen credit card numbers, and identity theft have triggered, for consumers, a serious concern about information security. Today, consumers want absolute assurance from the businesses they are dealing with that their bankcard account and other personally identifiable information are safe.

Minimized Threat to Reputation and Financial Position - Financial and resource outlay is minimal compared to the costs associated with the reactive hiring of security and public relations specialists, or the loss of significant revenue and goodwill that can result from a compromise.

Competitive Edge - Consumer studies show that trust is a key factor in doing business with card-not-present merchants. Customers seek out merchants who they feel are "safe."

Increased Revenues and a Stronger Bottom Line - When it comes to improving profitability, a company's bottom line depends on adequate data security controls. With appropriate data security in place, you can protect your customers, limit risk exposure, and minimize the losses and operational expense that stem from compromised cardholder information.

Maintain a Positive Image - With the incredible growth of the Internet today, information security is on everyone's mind. Data loss or compromise not only hurts the cardholder, it can seriously damage a merchant's reputation.


 
Secure20 SDP Assessment and Compliance Services

As a leading provider of information security software and services, Secure20 can help your company understand the impact of MasterCard’s programs that help to protect private consumer information.

We have the high-security financial background and expertise in analysis, design, implementation, deployment, and post implementation analysis to help your organization achieve quick and ongoing compliance.

Secure20’s security experts can assist with SDP readiness risk assessments designed to provide an overall evaluation of your security architecture. This review includes a gap analysis of the IT portion of your technical infrastructure, your policies and procedures, and your transaction processing system. The result is a comprehensive report that identifies your current security posture and compliance readiness, along with existing or potential gaps in meeting the SDP requirements and guidelines.

Secure20’s approach to SDP compliance is both comprehensive and flexible. We bring value to this process by ensuring compliance without unnecessary cost, delay or disruption and creating a secure infrastructure that will be the catalyst for achieving sustained competitive advantage.

The SDP Compliance Risk Assessment has three basic components:

Comprehensive security audit

  • Review and assessment of all security policies, procedures, and business processes

  • Vulnerability assessment of information systems and credit card transaction processing systems

  • Vulnerability/penetration testing of merchant’s website

Deliverables

The deliverables of the SDP Compliance Risk Assessments are:

1.) Gap analysis report detailing the extent to which business areas and infrastructure already comply and estimates for the amount of effort and expenditure necessary to achieve compliance

2.) Risk analysis with recommendations for each finding

3.) Compliance Plans to map initiatives necessary to meet SDP compliance

4.) Summary of Secure20’s Strategic Implementation Planning process

5.) A formal compliance statement and Compliance Report for submittal to MasterCard attesting to SDP compliance


Contact us to get started right away. Use the Project Scoping Form to make the process even quicker.