Phase 1 - Information Gathering, Merchant Segmentation and
Prioritization
- Collect all available merchant data held in-house and by 3rd party
vendors (i.e. PED support data)
- Collate all information
- Categorize merchants into PCI segmentation levels based on whether
they simply transmit card data (segmentation level Type 3) or retain card
data (segmentation level Type 5)
- Prioritize the merchants based on transaction volumes and customer
profile.
Phase 2 - Acquirer Merchant Support Representative Education and
Training
- Educate Acquirer support staff on PCI DSS to ensure that all account
managers and merchant support representatives are fully aware of the
program.
- Train support representatives on the SAQ process in order to assist
merchants with questions and SAQ compliance maintenance.
Phase 3 - Merchant Awareness & Education
- Establish a Merchant awareness program for all merchants that will
include monthly flyers, SMS broadcasts, and on-site reviews to ensure that
all merchants are aware of their PCI requirements and can complete the SAQ
appropriately.
- Conduct a training program, which will include an introduction to the
PCI standards, for Type 5 Merchants.
Phase 4 - SAQ Completion Program
- Merchant SAQ compliance will be achieved through a combination of
phone-assisted interviews and on-site interviews and assessments.
- Merchant compliance status will be managed through an online portal
that will provide an SAQ repository, collated status and reporting
functionality.
- Type 3 Merchant interviews will be scheduled, and merchants will be
contacted via telephone and assisted with completion of the SAQ B as per
the compliance requirements.
- Type 3 Merchants that do not complete the SAQ via telephone will be
contacted on a site visit to complete the SAQ B in an interview process.
- Type 5 Merchants that will require a full assessment and vulnerability
scan as per SAQ D will be contacted on site visits for the initial
assessment and follow-up assessment completion if required.
Phase 5 - Tracking, Reporting & Network Scans
- Monitor SAQ progress for Merchants
- Report on Merchant Compliance for regulators and card schemes
- Conduct initial external network scans for all merchants who require
scans.
Phase 6 - Remediation Plan and Assistance
- For all merchants that are non-compliant, Versos can track a separate
remediation ticket on the portal for each action that requires
remediation.
- For all merchants that are non-compliant, Versos can provide periodic
follow-up to close gaps and, as needed, remote support on an hourly fee
basis.
Versos also offers the following PCI Services:
- Internal PCI DSS Compliance Programme
- Payment Application Compliance (PA DSS)