FAQ

1. What is the PCI DSS Standard?

• The PCI DSS (Payment Card Industry Data Security Standard) is a set of questions that each merchant who handles, accepts or transmits merchant service credit or debit cards must answer and attest to. The PCI DSS is written and maintained by the PCI Security Standards Council.2

2. What is the Self-Assessment Questionnaire

• The Self Assessment Questionnaire (SAQ) is the actual set of questions that the merchant must answer. There are currently four SAQ’s available to answer. The merchant needs to choose the SAQ that best fits how the merchant processes credit cards on a per Merchant Identification Number (MID) basis. Many merchants have more than one MID for example an MID for the retail store and a separate MID for the ecommerce store.

3. Who needs scanning?

• Any merchant identification number (MID), which answers Self Assessment Questionnaire (SAQ) C or D. If you use an outside vendor and you do not receive or store credit card numbers you qualify for Self Assessment Questionnaire (SAQ) A and you do
  not have to be scanned.

4. What levels of merchants does the PCI TOOLKIT® cover?

• The PCI TOOLKIT® can be used by any merchant who does
  not need an on-site examination to complete the PCI DSS.

5.  What SAQ’s does the PCI TOOLKIT® have?

• The PCI TOOLKIT® contains all of the material for Self Assessment Questionnaires (SAQ) A, B, C and D.

6.  Does the PCI TOOLKIT® offer scanning?

• The PCI TOOLKIT offers fully integrated quarterly scanning through our partners. However there is no requirement that you must use one of our integrated scan vendors.
  Any currently certified ASV (Approved Scan Vendor) could use their scan tools with the PCI TOOLKIT®.

7.  What type of support does the PCI TOOLKIT® offer?

• The PCI TOOLKIT® offers email support. This can be launched from any page of the PCI TOOLKIT®. Our experts will respond back in writing within 1 business day.

8.  How are merchants boarded on the PCI TOOLKIT®?

• Merchants are boarded on the PCI TOOLKIT® by a file upload protocol. We load all files and simply ask our partners to send a file to us with updated merchant lists.

9.  Does the PCI TOOLKIT® bill individual merchants?

• No, the PCI TOOLKIT® is not sold to any merchants directly. We bill our partners who in turn bill their merchants.

10. Are other products sold to merchants from the PCI TOOLKIT®?

• No, we sell no other products.

11. Is training provided?

• Yes, we provide ongoing teaching to our partners and their staffs.

12. How long does it take a merchant to complete the PCI TOOLKIT® questionnaire?

• This varies based upon the Self Assessment Questionnaire that the merchant is completing, the level of knowledge of the merchant and the number of MID’s involved. In general it can be stated for those merchants who need to complete SAQ A it takes approximately 20 to 30 minutes to complete the survey questions, for SAQ B approximately 30 to 45 minutes to complete the survey questions and for SAQ C and D in most instance at least 45 minutes to an hour to complete the survey questions.

13. Does the PCI TOOLKIT® provide messaging to the merchant?

• The PCI TOOLKIT® sends out periodic email reminders when annual updates are due. We also provide periodic reminder letters for merchants that have not yet started the PCI TOOLKIT® process.

14. Does the PCI TOOLKIT® offer a community forum?

• Yes, a community forum is provided for our partners. It allows our partners to communicate with each other. It provides the latest updates on the PCI TOOLKIT and other important information.