In October 2020, Mastercard launched Mastercard Cyber Secure™ (Cyber Secure). Cyber Secure was developed to build on the Account Data Compromise (ADC) program by providing integrated technology to create a baseline of transparent cybersecurity information on bank and merchant online profiles in the payment ecosystem to help elevate the overall safety and security of the Mastercard network.
Information for Merchants
Cyber Risk Snapshot
Cyber Secure provides acquirers with access to a snapshot view of the cyber risk of all their merchants with a public-facing URL known to Mastercard. This Cyber Risk snapshot includes a merchant’s cyber risk rating and an issue priority navigator of found vulnerabilities in the merchant’s own cyber environment, organized by category. A merchant’s cyber risk rating is determined by evaluating over 40 security and infrastructure criteria in the merchant’s own cyber environment and analyzing the importance of each found vulnerability.
Cyber Risk Assessment
Acquirers will have access to a cyber risk assessment for any of their merchants who are under active investigation for an account data compromise event. The Cyber Risk Assessment includes a merchant’s cyber risk rating, an issue priority navigator of found vulnerabilities in the merchant’s own cyber environment, organized by category, actionable plans for mitigating such found vulnerabilities, an IT profile of the merchant’s hosting providers and domains, and a compliance profile that provides merchants with information about their compliance with certain industry standards and frameworks.[1]
Mastercard encourages acquirers to share cyber risk snapshots and assessments with their merchants to help improve the overall transparency of the payment ecosystem. For a copy, merchants should first reach out to their acquirers and may also make a request to Mastercard by sending an email to Mastercard Customer Service at cybersecure@mastercard.com.
Upon merchant’s email request to cybersecure@mastercard.com, Mastercard will provide, once per year, a free copy of a merchant’s own cyber risk assessment.
Merchants with Questions or Concerns
Merchants with questions regarding how their cyber risk rating was calculated or that wish to contest and remediate their cyber risk rating may do so by contacting Mastercard Customer Service at cybersecure@mastercard.com. Merchants should also note that Mastercard honors robots.txt instructions and applicable cybersecurity laws.
Merchants with questions relating to an active ADC event may contact the ADC team at ADC@mastercard.com.
[1] The content of the compliance profile is informational only. It does not constitute certification of, and cannot validate or refute compliance with, any industry standards or frameworks.