Skip to main content

PCI ToolKit

The patented PCI ToolKit® solution makes helping merchants achieve and maintain Payment Card Industry Data Security Standard (PCI DSS) compliance quick and easy while alleviating a significant business burden your organization faces.

Complying with the PCI DSS is complicated, confusing and involves a lot of work for both you and your merchants alike. The consequences of non-compliance are serious, and can expose you and your merchants to non-compliance penalties as well as increased liability in the event of a data compromise.

For most merchants, PCI compliance must be validated on an annual basis and in some cases, when externally-facing Internet Protocol (IP) addresses are involved, quarterly network vulnerability scans are required.

You must ensure that your merchants validate compliance at the appropriate classification level and obtain their merchant compliance validation documentation. Additionally, you must submit monthly compliance status reports to the payment card brands.1 Further, all compliance-related validation documentation must be properly archived so that it can be provided to the card brands upon request.

A Solution to the Problem

The PCI ToolKit solution takes the headaches and hassle out of PCI compliance validation by eliminating the need to decipher complicated and confusing rules, regulations and forms, while helping you manage and report on portfolio compliance.

In independent product trials, the PCI ToolKit is consistently selected as the best-in-class solution for ease of use, greater questionnaire completion rates and more merchants actually achieving compliance. 

Merchant Functionality

The PCI ToolKit solution’s automated PCI DSS Self-Assessment Questionnaire (SAQ) guides merchants through a series of business-friendly, simple-to-understand questions presented in layman's terms about their payment processing environment. Sophisticated survey logic analyzes responses real-time to present only questions pertinent to their businesses going forward. 
Based on SAQ responses, the PCI ToolKit system identifies areas of potential weakness and risk, and automatically generates simply-worded policies and procedures, remediation instructions and a remediation timeline. 

A merchant dashboard provides up-to-the-minute SAQ progress details. It also identifies remaining tasks and remediation actions to be addressed to achieve compliance validation and generate a certificate of compliance. 

Online help, plus swift email support provides hand-holding and guidance to help merchants successfully complete the SAQ and comply with card brand reporting requirements. 

The PCI ToolKit solution works with all PCI Security Standards Council Approved Scanning Vendors (ASVs). Scanning services are seamlessly integrated in terms of merchant boarding, reporting and billing. 

Acquirer/ISO Functionality

A single sign-on dashboard is the gateway to all PCI ToolKit portfolio management functions: 

Manage Account

  • Set up and modify company profile
  • Set up administrators and passwords

Board Merchants

  • Upload initial merchant portfolio batch file
  • Upload monthly or quarterly new merchant batch file
  • Board merchants online, one at a time
  • Generate initial portfolio welcome letters for mass mailing

Manage and Monitor Portfolio

  • View entire portfolio status
  • View sub-ISO portfolio status
  • Merchant search
  • View merchant status
  • View audit trial of completed merchant tasks
  • Login to exact merchant view

Generate Reports

  • Merchant portfolio status dashboard
  • Merchant portfolio status detail
  • Merchant open tasks
  • Merchant PCI milestone vulnerability
  • SAQ type
  • Inactive merchants
  • Monthly card brand
  • Prohibited data storage
  • Scan status
  • Compliance certification

Automatic Merchant Reminder Emails

  • Set up a user profile and take the initial SAQ
  • Finish a partially completed SAQ
  • Complete a quarterly scan, remediate a failed scan or resolve an expired scan
  • Resolve past due remediation items
  • Complete the attestation statement
  • Annual recertification
  • No storing of prohibited information

The PCI ToolKit service is brandable with your company's logo and can be launched by your merchants directly from your website.

When it comes to PCI compliance, count on the PCI ToolKit solution to take care of all the details so that you don’t have to.
To learn more about PCI ToolKit and CSR's other data compliance services, talk with one of our Certified Information Privacy Professional (CIPP) experts by calling 866.462.7774 or email today!

1 Monthly Level 4 merchant PCI DSS status may be reported at the acquirers’ discretion.


Related News

  • TriSource Solutions Taps CSR for PCI and Data Privacy Compliance Services  - 10.08.13
    CSR, the preeminent provider of award-winning data compliance solutions and expert business services worldwide, today announced TriSource Solutions, LLC, a leader in full-service merchant processing, is currently rolling out the patented PCI ToolKit® and CSR Breach Reporting ToolKit® solutions to its portfolio of Independent Sales Organizations (ISOs) and merchants.
  • Major Expansion of CSR's Western Office to Support Business Growth  - 09.17.13
    Award-winning data compliance solutions firm CSR announces western office expansion to accommodate strong growth plus development and support of new ground-breaking information security services.
  • CSR Executives Achieve Financial Services and Privacy Credentials  - 08.06.13
    CSR announces that Director of Compliance Mark Brady has earned CIPP/E in pan-European privacy law and enforcement from the International Association of Privacy Professionals (IAPP). Both Brady and CSR Founder Ross Federgreen received IAPP’s CIPM designation for privacy program management. Darrel Anderson, evp sales and client solutions, was awarded a Fellow of CSI® financial services credential by the Canadian Securities Institute for his outstanding leadership, education, ethics, and experience in Canada, the US and abroad.
  • Data Compliance Solutions Firm CSR Granted US Patent for PCI ToolKit System  - 11.07.12
    The US Patent Office grants CSR a patent for its PCI ToolKit web application that helps merchants achieve PCI compliance, recognizing the uniqueness of the system and methodology drives the high completion and compliance rates by end-users of their mandatory annual Self-Assessment Questionnaires.
  • CSR Shows How To Make Compliance Programs Profitable at PCI SSC Community Meeting September 12-14  - 09.05.12
    CSR privacy professionals fan out to payments industry venues this fall to introduce new product/service enhancements like the Mobile Merchant Module and the P2PE-HW Self-Assessment Questionnaire while speaking to and educating organizations that data compliance of personally identifiable (PII) and protected health information (PHI) beyond credit card (PCI DSS data) can be profitable.