Mastercard

GeoInsights - geographic spend data and geographic spend insights

The Mastercard GeoInsights platform delivers spend insights and data trends. This helps policy makers understand and assess customer journey and support. Provided across macro and micro-geographies over extensive periods of time up to the present and across various industries, it supplies a view into the micro-economics of an area

Features

• Location planning based on sales, ticket size, accounts, and growth
• Flexible timeframes, with daily, weekly or monthly data available
• Performance benchmarking across multiple industries with granular data analytics

Benefits

• Area performance analysis by comprehensive transaction data and industry research
• Customer journey mapping with spend analysis from defined geographic locations
• Demographic profile analysis and origins of regional spend

£35,000.00 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nabeel.irshad@mastercard.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

464797008564941

Contact

Nabeel Irshad
44 786 6165 112
nabeel.irshad@mastercard.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Service support is during normal office hours only i.e. Monday - Friday 0900-1700. Scheduled outages and maintenance will be communicated to clients no less than 48 hours beforehand. These tend not to occur more than once every six months and last for no more than three hours.
• System requirements: Ability for receipt of datasets by email, API or SFTP

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service support is during normal office hours only i.e. Monday -Friday 0900-1700. Responses will be provided via email within 48 hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard arrangements are for 48 hours response times on service questions, initial training, and data delivery on a monthly, quarterly or annual basis.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: On-boarding is a simple process. Mastercard will agree with the client where the dataset should be sent to, and delivery is undertaken against the agreed cadence. Delivery channel is via email, API or SFTP, subject to the client’s preference. ; ; This process can be completed within five working days and is led by our product team with support from your account manager. It will normally include a kick off meeting to set out what the client can expect in terms of deliverables and support. The dataset is very easy to use and understand. ; ; In addition, each client has a right to two hours training with the Mastercard’s product team
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Clients have a right to their data even following contract termination. The service consists of data provision on a regular basis and this can be kept within the customer's domain even once the service has lapsed. Clients can extract data from whichever means they put in place to store it following contract end.
• End-of-contract process: At contract end, new datasets will no longer be delivered and support will no longer be available for data already provided.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API is straightforward and simple in that it allows for direct access and download of the dataset in CSV format.
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Our service is already scaled to global levels of demand

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Data centres are fully air-gapped and accessible only to authorised personnel. For users working remote from office locations, VPN access is mandatory. Further detail is available upon request however is limited due to the sensitive nature of the assets and infrastructure we must safeguard.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is delivered within CSV file format so export is not relevant to this service
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: We can deliver via password protected email, API or SFTP, to the client's preference
• Data protection within supplier network: Other
• Other protection within supplier network: Data will be protected in transit when delivered via password protected email, API or SFTP, to the client's preference

Availability and resilience

• Guaranteed availability: Standard arrangements are for 48 hours response times on service questions, initial training, and data delivery on a monthly, quarterly or annual basis.
• Approach to resilience: Available on request
• Outage reporting: Information will be provided to clients by email prior to any planned service outage and on a reasonable endeavours basis if unplanned. Planned maintenance on average denies service for three hours every six months.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: This is not relevant to this service
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: We are happy to agree an appropriate delivery mechanism with each client. Usual access is via password protected email, or API or SFTP.

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Accredited by payment regulators across multiple territories we operate in
• PCI DSS accreditation date: 01/01/2022
• What the PCI DSS doesn’t cover: Mastercard is fully accredited against PCI DSS requirements across the territories we operate in around the world.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: – Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (CIS Controls); – American National Standards Institute/International Society of Automation (ANSI/ISA)-62443-2-1 (99.02.01)-2009; – International Organization for Standardization (ISO)/International; Electrotechnical Commission (IEC) 27001; – NIST Special Publication (SP) 800-53 Rev. 4 - NIST SP 800-53
• Information security policies and processes: – Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (CIS Controls); – American National Standards Institute/International Society of Automation(ANSI/ISA)-62443-2-1 (99.02.01)-2009; – International Organization for Standardization (ISO)/International; Electrotechnical Commission (IEC) 27001; – NIST Special Publication (SP) 800-53 Rev. 4 - NIST SP 800-53

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change Control and Configuration Management will include a registered take back plan, a testing process, management approval, and updated documentation, in line with PCI DSS guidelines for the payment industry. More detail is available on request
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Some limited further detail is available upon request but because of the sensitive nature of the business Mastercard conducts in the payment sphere we are not at liberty to provide detail publicly.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Some limited further detail is available upon request but because of the sensitive nature of the business Mastercard conducts in the payment sphere we are not at liberty to provide detail publicly.
• Incident management type: Undisclosed
• Incident management approach: Some limited further detail is available upon request but because of the sensitive nature of the business Mastercard conducts in the payment sphere we are not at liberty to provide detail publicly.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Mastercard have committed to create a more sustainable and inclusive digital economy, with a pledge to reach net zero emissions by 2050. ; ; This goal builds upon our existing Greenhouse Gas (GHG) commitments that align with the Business Ambition for 1.5°C pledge. As we fulfil this contract, Mastercard will work towards its SBTi-approved goal to reduce total Scope 1 and 2 emissions by 38% and Scope 3 emissions by 20% by 2025 from a 2016 baseline. ; ; These targets reflect a long-term commitment by the company to monitor and implement best practices to reduce emissions across the business, drive operational energy efficiency, and further engage suppliers in value chain decarbonization. Progress already made towards these goals includes achieving 100% renewable electricity in 2020, reinforced by a commitment to RE100. ; ; Mastercard is also mobilizing its technology, expertise, and trusted global partnerships network to lead on collective climate action, through innovative initiatives such as the Greener Payments Partnership and the Priceless Planet Coalition which respectively aim to reduce the carbon footprint of the payments cycle and harness the power of our network to invest in tree planting and forest restoration. The latter will aim to plant 100 million trees by 2025.
• Covid-19 recovery:

  Covid-19 recovery

  Mastercard products and services are being used every day to understand the strength of the retail recovery in the high street, both amongst private organisations and public sector agencies with responsibility for town centres and wider economic performance.; ; Key data users are local business improvement districts. Mastercard prepaid economic stimulus cards have been issued in Northern Ireland, Jersey and across various municipalities across the UK to boost high street spending. Meanwhile our tourism data is being used by DMOs to understand how domestic tourism has supplanted international travel whilst borders have been disrupted by the pandemic.; ; Mastercard recently launch its Strive UK programme aimed at providing support to small businesses who might be struggling to recover following the pandemic.
• Tackling economic inequality:

  Tackling economic inequality

  Mastercard is at the hub of movement to develop financial technology with a social purpose, and we support new fintech propositions that are seeking to push back the boundaries that stand in the way of access to financial services. ; ; We take a firm stand on the theme of financial inclusion, whereby we will work as a priority with partners to ensure the digital economy, the ability to save and the ability to borrow are as widely available as possible. Indeed, such growth is an existential requirement for Mastercard, hence it is a business imperative we work in this way.; ; During the execution of this contract, Mastercard will offer training to women and girls on digital financial services, support to hard pressed SMEs impacted by the pandemic, and collaboration with and direct financial support to local fintech start ups across the UK to enable better access to good quality financial services for certain excluded communities.
• Equal opportunity:

  Equal opportunity

  Mastercard follows many elements of best practice in the UK, including the following:; ; - appropriate channels for effective voices, such as trade union recognition; ; -investment in workforce development; ; - no inappropriate use of zero hours contracts; ; - action to tackle the gender pay gap and create a more diverse and inclusive workplace providing fair pay for workers (for example, payment of the real Living Wage); ; - offer flexible and family friendly working practices for all workers from day one of employment oppose the use of fire and rehire practices across its supply chain; ; - effort to ensure the development of innovative technologies and methods to modernise delivery and increase productivity; ; - ensuring all employees and contractors have equal access to organisational learning and continuous improvement such as apprenticeships ; ; - rigorous training and support in respect of minimising exposure to cyber risks including phishing and spoofing.
• Wellbeing:

  Wellbeing

  We are committed to supporting our diverse and inclusive workforce across the globe.; ; As part of that commitment, we offer generous benefit programs that are designed using global standards to ensure the financial, emotional, and medical safety of all our employees and their loved ones. ; ; We offer best-in-class benefits and programs to support the wellbeing of our employees, including quarterly meeting-free days; learning opportunities for leaders to manage their hybrid workforces; flexibility to work away from the office, and resources focused on mental and physical wellbeing.; ; Mastercard is clear about the impact of these actions in that we have consistently maintained a high rating on Glass Door for employee satisfaction and regularly poll highly on national favoured places to work surveys.

Pricing

• Price: £35,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nabeel.irshad@mastercard.com. Tell them what format you need. It will help if you say what assistive technology you use.