PCI Compliance Made Easy
SecureTrust PCI Manager with integrated security tools makes it simple for you to implement security best practices and validate your compliance with the Payment Card Industry Data Security Standard (PCI DSS).
You have been set up with an easy-to-use PCI DSS compliance program in SecureTrust PCI Manager that has been enhanced with a set of premier tools designed for small businesses like yours to bolster your security posture. This program will make it easier than ever for your business to both strengthen data security and maintain PCI DSS certification.
SecureTrust PCI Manager simplifies the process by guiding you through the entire assessment, from beginning to end, serving you only the relevant controls based on your business profile. This dynamic technology will help you meet the right requirements while hiding the ones that do not apply to you. When you certify through PCI Manager, we will make sure you complete the right PCI Self-Assessment Questionnaire (SAQ), help you set up vulnerability scanning (if applicable) and help you take additional steps to defend against hackers and malware by providing powerful and integrated security tools.
What is the PCI Self-Assessment Questionnaire (SAQ)?
The SAQ is a set of data security requirements (technical and non-technical) in the form of a questionnaire designed to ensure you are handling payment transactions in a secure manner relevant to your business profile.
Helpful tips that may answer your questions, or the questions you may be asked:
1. The ClubReady system is a Virtual Terminal
2. ClubReady is PCI compliant and is certified with the card brands specifically for PCI
3. You do not store card or cardholder data in your system for POS or recurring payments. The ClubReady system gathers and stores all card and cardholder data electronically on your behalf
4. ClubReady truncates the card number so only the last 4 digits are displayed in the member profile and POS screen
What is Vulnerability Scanning?
A vulnerability scan is an automated, non-intrusive scan that assesses your network and web applications from the perspective of the public internet. The scan will identify any vulnerabilities in the target system that may allow an unauthorized or malicious user to gain access and compromise the security of your data. These external vulnerability scans are required for any merchant that uses an internet connection and/or has e-commerce operations. (The external vulnerability scans provided by SecureTrust are certified by the PCI Security Standards Council and will not require you to install any software on your systems.)
How do the security tools help?
The security tools that are delivered to you with PCI Manager are designed to help you improve your overall security stance by adding additional layers to your defenses while also streamlining your PCI DSS compliance process by automatically meeting certain requirements.
What information do I need to get started?
- Merchant ID
- Company Name
Other Recommended Information:
Having the following information available will also help you speed the process:
- Address
- Make and model of payment processing device or software
- How does your payment processing device or software transmit payments (dial-up phone line or internet)?
- Has a third-party company helped to set up, configure or manage your payment processing equipment? If so, you will need to provide the name of the company.
- Do you process payments via an e-commerce website? If so, you will need to provide the name of your hosting provider and the payment gateway or service provider that processes those payments.
It's Easy to Get Started
Before you begin you'll need your Merchant ID (MID) and Company Name, which can usually be found on your merchant statement. In addition, you may want to have information on your Point-of-sale (POS) device, including vendor, brand and model number. (You should be able to locate this information on the device.)
First, visit the website your program sponsor (e.g., merchant services bank) has sent you. This website address will most often have your sponsor's name at the end, for example, https://pci.securetrust.com/bankname. This unique URL will connect you to your program, and will help you access your pre-registered account. On this custom page, you will find program information, frequently asked questions (FAQs), a video tutorial and customer support contact information.
If your business profile is not on file, we will need to establish it with short qualifying questions during the account registration process. You will create a username and password, provide your contact details and add in security questions/answers for account security purposes. The Primary contact information provided should be for the person with overall responsibility for compliance and typically the one completing the certification.
PCI Wizard
You will be presented with the option either to follow the PCI Wizard or to complete the PCI DSS certification forms directly. If you are new to the PCI DSS certification process, choose the Step-by-Step Wizard. This process will guide you to the right Self-Assessment Questionnaire (SAQ) for your business and skip the ones that do not apply. Because the PCI Wizard customizes your experience, your next steps will be unique to your environment and how you process payments.
Completing the questionnaire may take multiple attempts, especially as gaps are uncovered. If gaps are uncovered during the workflow, you are given the opportunity to address them so that you can successfully complete each section. Once you have successfully passed each section, sign off on the form and submit for evaluation.
Scanning
If you have an e-commerce website or internet connection for your business that connects to any systems that store, process or transmit payment card data, vulnerability scanning is required. Based on your business profile, the Wizard will help you determine if you need scanning. If scanning is required, PCI Manager will guide you through the entire process of setting up the scanner. We will help you determine the right location and/or website to scan. The system will automatically scan once a month and send you email notifications along with the result. You also have the opportunity to rescan on demand as necessary. If scanning is required for your business, your scan report must have a passing score for each calendar quarter in order for your business to be compliant.
You must also attest to the validity of your scan profiles at least once every quarter. In addition, you must attest any time you modify your scan setup. Your scanning portal will remind you and assist you with this process. Note that scans that run under an expired scan setup attestation will not be counted towards PCI Scan Status.
Activate Your Security Tools
While working through the assessment, you will be prompted to download, install and activate the SecureTrust Endpoint Protection software. This software should be installed on your computer(s) at the location(s) where you handle payment cards. Afterwards, all the security services that have been integrated into your program will be active, running and reporting back to your SecureTrust PCI Manager account in the cloud. The SecureTrust Endpoint Protection software may also pre-fill relevant questionnaire requirements automatically for you, in certain cases.
PCI Status
Once you have a passing SAQ and a passing vulnerability scan (if applicable) on file, your status will be updated to compliant. You can access and print copies of your Certificate of Compliance (CoC), Attestation of Compliance (AoC) and completed SAQ and scan reports. For certain programs, we will also report your compliance to the program sponsor (e.g. merchant services bank) automatically on your behalf.
About SecureTrust
SecureTrust, a Trustwave division, leads the industry in innovation and processes for achieving and maintaining compliance and security. SecureTrust delivers world-class consulting, compliance and risk assessment services and solutions for merchants of all sizes. For more information, visit securetrust.com.
1. Your merchant program may vary.
2. Vulnerability scanning is not required for businesses who do not have these characteristics, or otherwise not needed given your SAQ eligibility.
3. Where applicable for your program.
Need Help? Contact SecureTrust
Email: support@validatepci.com
Phone: 800-363-1621