The Green Sheet Online Edition
August 13, 2012 • Issue 12:08:01
Rapid PCI compliance for merchants
To ease the burden of data security compliance, First Data Corp. launched PCI Rapid Comply, an online Self-Assessment Questionnaire (SAQ) and vulnerability scanning tool designed to assist small to midsize businesses (SMBs) achieve and maintain Payment Card Industry (PCI) Data Security Standard (DSS) compliance.
Delivered as a merchant-facing, help-based web application, the solution reportedly simplifies the entire PCI compliance process for busy merchants. "Many smaller merchants have been under the assumption that they need to be security experts to be PCI compliant, and the process can be overwhelming," said Bruce Dragt, Senior Vice President and Division Manager, Payment Acceptance at First Data.
"With the PCI Rapid Comply solution, merchants can now quickly and easily complete the necessary SAQ online at any time with extensive built-in help including live chat from First Data."
The integrated compliance service is being offered directly to First Data customers as part of the company's comprehensive suite of data security solutions. "Because our customers are already in our system, we can streamline the process by helping to pre-populate some of the most difficult technical questions included in the SAQ," Dragt noted.
According to First Data, using the PCI Rapid Comply tool can reduce the number of questions merchants must answer on the SAQ by as much as 85 percent. To operate the system, merchants must answer a few pre-SAQ questions. PCI Rapid Comply then directs each merchant to the proper version of the SAQ for his or her business and fills in accurate answers to designated questions.
A real-time dashboard tracks merchant progress in the PCI compliance process and shows what percentage of the SAQ has been completed. Once a merchant achieves PCI certification, PCI Rapid Comply generates and submits to merchants customized Information Security and Incident Response Policies based upon which version of the SAQ was completed.
For merchants who are required to perform quarterly scans, PCI Rapid Comply includes integrated vulnerability scanning tools.
After a merchant sets up the first scan, the application automatically executes quarterly scans, reducing the time necessary to conduct subsequent scans. If the system should detect a compliance issue, PCI Rapid Comply produces a remediation plan to help merchants correct the problem. Also, because the tool is online, merchants have 24/7 access to it.
First Data Corp.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.