Skip to main content
 
 

Frequently Asked Questions

  1. What is the PCI DSS Standard?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of questions that each merchant who handles, accepts or transmits merchant service credit or debit cards must answer and attest to. PCI DSS is written and maintained by the PCI Security Standards Council.
 
  1. What is the Self-Assessment Questionnaire?
The Self-Assessment Questionnaire (SAQ) is the actual set of questions that the merchant must answer. There are currently four SAQ’s available to answer. The merchant needs to choose the SAQ that best fits how the merchant processes credit cards on a per Merchant Identification Number (MID) basis. Many merchants have more than one MID for example an MID for the retail store and a separate MID for the ecommerce store.
 
  1. Who needs scanning?
Any MID who answers SAQ C or D needs scanning. If you use an outside vendor and you do not receive or store credit card numbers, you qualify for SAQ A and therefore, do not have to be scanned.
 
  1. What merchant levels does PCI ToolKit® cover?
PCI ToolKit can be used by any merchant of any size who does not need an on-site examination to complete PCI DSS.
 
  1. What SAQ does the PCI ToolKit cover?
PCI ToolKit contains all of the material required to complete SAQ A, B, C and D.
 
  1. Does the PCI ToolKit offer scanning?
PCI ToolKit offers fully integrated quarterly scanning through our partners. However there is no requirement that you must use one of our integrated scan vendors. Any currently certified PCI Security Standards Council Approved Scan Vendor (ASV) can use their scan tools in conjunction with PCI ToolKit.
 
  1. What type of merchant, Acquirer and ISO support is offered?
We offer email support which can be launched from any page of PCI ToolKit. Our PCI experts respond in writing right away, usually in minutes, and no longer than one business day.
 
  1. How are merchants boarded on PCI ToolKit?
Merchants are boarded by file upload protocol. We load all files and simply ask our Acquirer and ISO partners to send us updated merchant lists.
 
  1. Does PCI ToolKit bill individual merchants?
No, PCI ToolKit is not sold to merchants directly. We bill our Acquirer and ISO partners who in turn bill their merchants.
 
  1. Do you up-sell additional products and services to merchants from PCI ToolKit?
No, we do not up-sell additional product and services to your merchants.
 
  1. Is training provided?
Yes, we provide ongoing education to our partners and their staffs.
 
  1. How long does it take a merchant to complete the PCI ToolKit questionnaire?
This varies based upon the SAQ that the merchant is completing, the level of merchant knowledge and the number of MIDs involved. In general, for merchants who need to complete SAQ A, it takes approximately 20 to 30 minutes to complete the survey questions. For SAQ B, approximately 30 to 45 minutes are needed to complete the survey questions. For SAQ C and D, in most instances, at least 45 minutes to an hour are required to complete the survey questions.
 
  1. Does PCI ToolKit provide merchant messaging?
PCI ToolKit sends out periodic email reminders when annual updates are due. We also provide periodic reminder letters for merchants that have not yet started the PCI ToolKit process.
 
  1. Does PCI ToolKit offer a community forum?
Yes, a community forum is provided for our Acquirer and ISO partners. It allows communication with each other to facilitate best practices and provides the latest updates on PCI Toolkit and other important PCI-related information.

Related News