What is the PCI Toolkit?
The PCI Toolkit is the first and only fully integrated, cross-referenced system that allows a merchant to fully comply with the mandated requirements of the Payment Card Industry Data Security Standard (PCI DSS).
Who must comply?
All merchants who in any way accept, store, transmit or handle credit cards, debit cards or payment cards must comply. There are no exceptions. This includes merchants who are store based, accept payments by telephone or mail, or utilize the Internet.
Does PCI affect merchants who are not in the USA?
Yes. All merchants worldwide must comply with PCI or its international equivalents.
What if a merchant does not comply?
The merchant is then subject to civil penalties, criminal prosecution and loss of credit card, debit card and payment card privileges. Fines can exceed $100,000 per month. In addition, the processor can increase a merchant's cost of credit card, debit card and payment card acceptance.
What does the PCI Toolkit consist of?
The PCI Toolkit consists of all of the required documents and information that you must have to comply. This includes a detailed explanation of the 75 questions that must be answered "yes" to pass the written test, the required quarterly penetration or vulnerability scans, the required policies, the required procedures, the required training aids and employee handbook information inserts. The PCI Toolkit also contains industry-specific information and a detailed glossary.
What if I have a question after purchasing the PCI Toolkit?
There is a continually updated reference section of Frequently Asked Questions on the website, to which you have access, as well as one-on-one email support. Additional services are available.
If I complete the PCI Toolkit, do I have to do anything again?
Yes. The self-assessment questionnaire must be completed annually. The penetration or vulnerability scans must be completed quarterly.
Does the PCI Toolkit provide assistance for the annual self-assessment questionnaire?
Yes. An annual subscription to the PCI Toolkit is available to assist merchants with the annual update. It includes the changes that have occurred to the PCI DSS so that the annual questionnaire can be answered.
Does the PCI Toolkit provide ongoing quarterly penetration scans?
Yes. The first year's quarterly scans are provided as part of the PCI Toolkit pricing. Thereafter, quarterly scanning can be provided as a component of the annual subscription or as a stand-alone service.
Who performs the penetration scans?
403 Labs, LLC, a fully approved scanning vendor (ASV), performs all of the penetration scans for the PCI Toolkit. CSRSI has partnered with 403 Labs, LLC to perform these services. 403 Labs is a leader in the field.
What if I already have penetration scanning?
If you are already using any approved scanning vendor, you can still use the PCI Toolkit. A credit based on the cost of your current scanning service will be applied.
Why comply now?
Compliance is mandatory. Without PCI compliance you have no defense and are subject to immediate termination of card-accepting privileges. If you are not compliant and try to change processors, a growing list of processors will not accept your application. If you obtain a new merchant service account and do not become compliant within six months, you are at risk of losing that merchant service account.
How much does it cost to comply if I do it myself?
Estimates of the man-hours vary, but before you can attempt this you must have a thorough knowledge of the material. Once you have attained a sufficient amount of knowledge and experience, it is estimated that it takes approximately 200 hours to complete all of the required policies, procedures, employee handouts, training aids, industry-specific issues, assessment questionnaire and quarterly penetration scan. You also lose all the time that should be devoted to your core business. One mistake and you have failed, which could seriously compromise your ability to accept payment cards. Why risk it?
Why should I hire outside experts to assist with my required PCI Compliance?
Do you do your own taxes? Do you represent yourself in court? The PCI Toolkit represents the many years of experience and knowledge that the authors have gained since 1999. The authors of the PCI Toolkit have written dozens of papers on the subject and are recognized national experts.
Is my processor responsible for my fines?
No! The merchant is responsible for fines and penalties.
Is it true that all breaches are from external attacks?
No! The vast majority of attacks occur at your own location, carried out by trusted people. According to FBI/CSI data, greater than 90% of all attacks are internal.
Is it true that if my software or terminal is compliant, then I am compliant?
No! Compliant software and terminals are critical, but they are not the entire answer.
Where do attacks and breaches occur?
Attacks and breaches occur everywhere, at any time. No location or business is safe from attack.
Is it true that no one will ever look at my answers to the self-assessment questionnaire (SAQ) or penetration scans?
No! Both the SAQ and the penetration scans are reported directly to your processor. These results are examined if any issue arises or during a random audit. If you have fabricated results, this is grounds for loss of credit card, debit card and payment card accepting privileges, as well as civil fines and criminal prosecution.