In October 2020, Mastercard launched Mastercard Cyber Secure™ (Cyber Secure). Cyber Secure was developed to build on the Account Data Compromise (ADC) program by providing integrated technology to create a baseline of transparent cybersecurity information on bank and merchant online profiles in the payment ecosystem to help elevate the overall safety and security of the Mastercard network.
Information for Merchants
Cyber Risk Snapshot
Cyber Secure provides acquirers with access to a snapshot view of the cyber risk of all their merchants with a public-facing URL known to Mastercard. This Cyber Risk snapshot includes a merchant’s cyber risk rating and an issue priority navigator of found vulnerabilities in the merchant’s own cyber environment, organized by category. A merchant’s cyber risk rating is determined by evaluating over 40 security and infrastructure criteria in the merchant’s own cyber environment and analyzing the importance of each found vulnerability.
Cyber Risk Assessment
Acquirers will have access to a cyber risk assessment for any of their merchants who are under active investigation for an account data compromise event. The Cyber Risk Assessment includes a merchant’s cyber risk rating, an issue priority navigator of found vulnerabilities in the merchant’s own cyber environment, organized by category, actionable plans for mitigating such found vulnerabilities, an IT profile of the merchant’s hosting providers and domains, and a compliance profile that provides merchants with information about their compliance with certain industry standards and frameworks.[1]
Mastercard encourages acquirers to share cyber risk snapshots and assessments with their merchants to help improve the overall transparency of the payment ecosystem.
For a copy, merchants should first contact their acquirers. Merchants may also request a copy directly from Mastercard by opening a support ticket through the Support Case Management application in Mastercard ConnectTM.
Upon submission of a support case, Mastercard will provide, once per year, a complimentary copy of a merchant’s own cyber risk assessment.
Merchants with Questions or Concerns
Merchants with questions regarding how their cyber risk rating was calculated, or who wish to contest or remediate their cyber risk rating, may do so by opening a support case through the Support Case Management application in Mastercard Connect. Merchants should also note that Mastercard honors robots.txt instructions and applicable cybersecurity laws.
[1] The content of the compliance profile is informational only. It does not constitute certification of, and cannot validate or refute compliance with, any industry standards or frameworks.
