MasterCard International Announces MasterCard Site Data Protection Service

Business Wire, May 16, 2001

Business Editors

PURCHASE, N.Y.--(BUSINESS WIRE)--May 16, 2001

Alliances with Marsh, Predictive Systems and Ubizen Create

Comprehensive Set of Global E-Commerce/Financial

Security Services To Proactively Help Defend

e-Merchants Against Hacker Attacks

MasterCard International today announced a solution to assist online merchants in defending against Internet hackers. MasterCard is aligning with Marsh, Predictive Systems, and Ubizen to deliver MasterCard Site Data Protection Service(TM) (SDP) - a multitiered, comprehensive set of global e-commerce/financial security services designed to help protect the websites of its member financial institutions and online merchants. SDP is expected to be available globally to MasterCard members by the fourth quarter of this year and is one of the latest additions to MasterCard's suite of Internet security solutions that address the protection of all parties involved in an online transaction.

SDP takes a proactive approach against hackers by identifying possible vulnerabilities in an acquirer's or merchant's online system and making recommendations for short- and long-term security improvements. The solution addresses the security issues that online merchants and their acquiring banks face in the virtual world, and concerns arising from these issues, such as Internet fraud/chargebacks, damage to brand image, consumer concerns about safety and privacy, cost of replacing stolen account numbers and more.

Unlike other solutions that are referral-based services, MasterCard will deliver MasterCard Site Data Protection Service directly to its acquiring members, who in turn will offer the services to merchants. MasterCard members and merchants can choose from several levels of protection, ranging from site vulnerability assessments and alerts to insurance coverage for third party liability, crime losses and more. In addition, members and merchants who enroll in the SDP program may receive additional security services - offered independently from MasterCard's alliance partners - at a discounted rate. These services include ethical hacking, where a team of experts deliberately - in coordination with the client - attempt to attack the network to uncover potential weaknesses; intrusion detection; website monitoring; and firewall monitoring.

"E-commerce, the fastest-growing segment of the U.S. retail market, can provide a profitable, even dominant position for our acquiring members and also represents an expanding source of business for merchants," said Art Kranzley, senior vice president, Global e-Business, MasterCard International. "In alliance with Marsh, Predictive Systems and Ubizen, we were able to combine our unique areas of expertise to develop customized security solutions to help protect against hacker intrusions for the benefit of our members, merchants and cardholders."

In North America, Latin America/Caribbean region, and Asia/Pacific, MasterCard's preferred vendor for SDP services will be Predictive Systems, a leading network infrastructure consulting firm focused on building fast, reliable, secure networks for global enterprises and security providers. In Europe and Middle East/Africa, MasterCard's preferred vendor will be Ubizen, a leading provider of e-security solutions that allow companies worldwide to confidently conduct their business operations online.

The core SDP program includes these essential security components:

- Best Practices: The Guide to MasterCard Rules and Best Practices for Web
Merchants and Acquirers defines the measures that members and merchants must
take to conduct business effectively and securely on the Internet, as well as
suggested practices, and it addresses such important issues as the coding of
e-commerce transactions, risk monitoring, cardholder disclosure, consumer
privacy, and the protection of transaction data.

- Online Self-Assessment Survey: Based on MasterCard's Best Practices and
the industry-recognized British Standard 7799, this automated survey is
designed to evaluate a merchant's security measures and provide an
electronic report that compares results to industry peers.

- Security Scan of the Merchant Website: Fully automated and non-intrusive,
this procedure provides an accurate snapshot of existing security measures.
Using well-known assessment tools that are updated on a continuing basis, the
scan generates an electronic report that categorizes the merchant's level
of risk and, as needed, offers short- and long-term recommendations, along with
links to immediate fixes.

- Security Alert Service: Ongoing e-mail alerts that update participants on the
latest security news, compiled from hacker publications and bulletin boards,
media publications, and vendor security advisories.

The SDP program, along with an appropriate network design and reasonable security measures, reduces vulnerability against the majority of hackers. Additionally, MasterCard has partnered with Marsh, a global risk management and insurance brokerage firm, to offer optional insurance services that can maximize the core protection offerings: