What is the PCI DSS Standard?
The PCI DSS (Payment Card Industry Data Security Standard) is a set of questions
that each merchant who handles, accepts or transmits merchant service credit or
debit cards must answer and attest to. The PCI DSS is written and maintained by
the PCI Security Standards Council.
What is the Self-Assessment Questionnaire
The Self Assessment Questionnaire (SAQ) is the actual set of questions that the
merchant must answer. There are currently four SAQ’s available to answer.
The merchant needs to choose the SAQ that best fits how the merchant processes credit
cards on a per Merchant Identification Number (MID) basis. Many merchants have more
than one MID for example an MID for the retail store and a separate MID for the
ecommerce store.
Who needs scanning?
Any merchant identification number (MID), which answers Self Assessment Questionnaire
(SAQ) C or D. If you use an outside vendor and you do not receive or store credit
card numbers you qualify for Self Assessment Questionnaire (SAQ) A and you do not
have to be scanned.
What levels of merchants does the PCI TOOLKIT® cover?
The PCI TOOLKIT® can be used by any merchant who does not need an on-site examination
to complete the PCI DSS.
What SAQ’s does the PCI TOOLKIT® have?
The PCI TOOLKIT® contains all of the material for Self Assessment Questionnaires
(SAQ) A, B, C and D.
Does the PCI TOOLKIT® offer scanning?
The PCI TOOLKIT offers fully integrated quarterly scanning through our partners.
However there is no requirement that you must use one of our integrated scan vendors.
Any currently certified ASV (Approved Scan Vendor) could use their scan tools with
the PCI TOOLKIT®.
What type of support does the PCI TOOLKIT® offer?
The PCI TOOLKIT® offers email support. This can be launched from any page of
the PCI TOOLKIT®. Our experts will respond back in writing within 1 business
day.
How are merchants boarded on the PCI TOOLKIT®?
Merchants are boarded on the PCI TOOLKIT® by a file upload protocol. We load
all files and simply ask our partners to send a file to us with updated merchant
lists.
How long does it take a merchant to complete the PCI TOOLKIT® questionnaire?
This varies based upon the Self Assessment Questionnaire that the merchant is completing,
the level of knowledge of the merchant and the number of MID’s involved. In
general it can be stated for those merchants who need to complete SAQ A it takes
approximately 20 to 30 minutes to complete the survey questions, for SAQ B approximately
30 to 45 minutes to complete the survey questions and for SAQ C and D in most instance
at least 45 minutes to an hour to complete the survey questions.
Does the PCI TOOLKIT® provide messaging to the merchant?
The PCI TOOLKIT® sends out periodic email reminders when annual updates are
due. We also provide periodic reminder letters for merchants that have not yet started
the PCI TOOLKIT® process.
Does the PCI TOOLKIT® offer a community forum?
Yes, a community forum is provided for our partners. It allows our partners to communicate
with each other. It provides the latest updates on the PCI TOOLKIT and other important
information.