Compliance as a Service (CaaS) PCI DSS Merchant Walkthrough
MegaplanIT.com/caas
Login Screen
First Time Users:
• Click “Register/Begin”.
Returning Users:
• Log in with your Username and Password.
Registration
• Enter your Merchant ID Number and Zip Code.
• Click “Register”.
Fill out your business information. Some of the information may already be pre-filled for you. Click “Continue”.
Required Fields Include:
• Business Name
• Merchant ID
• Zip Code
• Email Address
• Username
• Password
• Re-enter Password
Business Information
Answer the 3 questions about your credit card machine or the way you accept credit cards. Click “Continue”.
Terminal Information
Answer the Pre-SAQ Questions and CaaS will place you in the correct Self Assessment Questionnaire (SAQ). If you know which SAQ you belong in, you can select it manually by clicking “Manually Select SAQ”. When finished, click “Continue”.
Pre-SAQ Questions
In Summary, the SAQ has been selected for you from the answers given in the Pre-SAQ Questions step. If you don’t agree with the bullets in the Summary about your business, please click the “Back” button at the bottom of the page to re-answer the questions more accurately.
Summary
You can manually select the SAQ that fits your business by clicking the check box in the “Manually Select SAQ” box. By putting your cursor over each SAQ Type you can then read the Summary for that SAQ Type. To select, click on the button for the SAQ Type you desire. (Must have the “Manually Select SAQ” box checked.)
Summary
After you have established a username and password, log in to CaaS. Once you are logged in, your Merchant Dashboard will show you the necessary steps in becoming Compliant.
Required Steps:
• Missing Signature
• SAQ
• Scan (if available on your Dashboard. Required for Merchants processing via IP/Internet instead of a Phone line.)
Merchant Dashboard
Verify Email
Merchant Dashboard
If you have not received the confirmation email, please click “Send/Re-send Verification Email”.
Verify Email
Verifying your email is to confirm we have a good email address on file. We use email to continue to notify merchants of compliance data or merchant status that may change from time to time.
Missing Signature
Merchant Dashboard
Merchants must read and agree to the terms and conditions of the portal.
• Click the “I Agree” check box.
• Sign in the white box with your cursor.
• Click “Save”.
Missing Signature
Merchant Dashboard
Self Assessment Questionnaire (SAQ)
SAQ Instructions
✓ All Answers must be answered with a “Yes” or “N/A” response in order to become Compliant.
✓ Any Answers with a “No” response will NOT be considered Compliant and will require remediation so that the response can be changed to a “Yes” or “N/A” response.
✓ If any questions are answered with an “N/A” response, an explanation as to why the question does not apply to the Merchant will be required.
Self-Assessment Questionnaire (SAQ)
Self-Assessment Questionnaire (SAQ)
Complete each question by clicking on the Question Title itself, then answering the question with a “Yes”, “No”, or “N/A” response. To display all questions at the same time, click “Show All” in the top right hand corner of the Questions container. If you still have a question after reading the Question and Explanation, click the “Ask Question” button in the bottom right hand corner of the Question box.
Once you have finished the questions, click “Continue” at the bottom right hand corner of the screen. You may also choose to select “Finish Later” to save what you have answered and return to the Merchant Dashboard to complete at a later time.
If you receive this message after completing the SAQ:
• Click “SAQ Remediation”.
• Answer the remaining unanswered questions.
OR
• Any response answered with “No” must be remediated so the Merchant can change the answer to a “Yes” or “N/A” response in order to become Compliant.
Self-Assessment Questionnaire (SAQ)
Scan
Merchant Dashboard
To Schedule a Scan:
• Click on “Schedule Scan” in the Menu Bar.
To Review a Past Scan:
• Click on the date of the Scan you would like to review.
Scan
Follow the prompt to select your settings for the scan and finish by clicking “Schedule/Run Scan”.
Schedule Scan
View each vulnerability by clicking on the risk level (colored boxes), then click on the name of each vulnerability beneath. To download the report, click on “Download Report” in the title bar. To send a support request or report a false positive, use the Support Request section at the bottom of the page.
Scan Details Review
Downloads
Merchant Dashboard
To download a Compliant Certificate, click on the “Completion Certificate” icon. Merchant must become Compliant before CaaS will allow download.
Downloads
Merchant Overview
Merchant Dashboard
Merchant Overview will allow you to see all of your information as it is stored in CaaS. In addition, you can set up additional users, view status of SAQ and/or Scan (if applicable), and Overall Status.
Merchant Overview
Manage Users
Merchant Dashboard
To edit a User, select the icon in the EDIT section. To delete a User, select the icon in the EDIT section. To reset the password for a User, select the icon in the EDIT section.
Manage Users
To add additional Users: Click “Add New” next to the Search button.
To Search for a User: Enter the name of the User you would like to search for and click “Search”.
If you need to change your SAQ Type as it is no longer correct, click “Change SAQ Type” and the Portal will direct you back through the Pre-SAQ Questions again.
Merchant Dashboard
Who We Are
Megaplan-IT, LLC is a PCI SSC Certified network security and compliance firm that specializes in PCI DSS Compliance, Penetration Testing, Secure Web Development, Cloud Solutions, HIPAA Compliance, and other high-level IT auditing and risk management services.
With over fifteen years of applied experience in the field of network security and compliance, the Megaplan-IT team is comprised of highly-skilled and well-trained information security professionals who will work collaboratively with your company and maintain open and direct communication throughout the project. Megaplan-IT QSAs are trained in Version 2.0 of the PCI-DSS Requirements. To learn more, visit us today at https://megaplanit.com
Cost: Megaplan-IT includes key services for free with each assessment. This approach provides our clients with huge savings and ensures that all compliance requirements are met.
Quality: Megaplan-IT provides the most accurate security risk assessment services at the most competitive prices. We stand by the quality of our reporting from start to finish.
Service: Megaplan-IT clients never wait for a skilled consultant or QSA to be assigned. Our team is available to assist you when the need arises. 100% Satisfaction Guaranteed.
Megaplan-IT's mission is to build an ongoing relationship with our clients by successfully completing a wide range of security and compliance goals on a recurring annual basis.
Mission
Why Choose Megaplan-IT
To speak with a consultant now, please call 800-891-1634 or email [email protected]