Compliance as a Service (CaaS) PCI DSS Merchant Walkthrough


For more information visit https://megaplanit.com/caas

This walkthrough guides new CaaS users through the setup process, gives an overview of the Merchant Dashboard functionality, details the SAQ instructions, and shows how easy and intuitive the CaaS Portal is to use.

Published in: Economy & Finance, Business

  1. MegaplanIT.com/caas: Compliance as a Service (CaaS) PCI DSS Merchant Walkthrough
  2. Login Screen
     First Time Users:
       • Click “Register/Begin”.
     Returning Users:
       • Log in with your Username and Password.
  3. Registration
       • Enter your Merchant ID Number and Zip Code.
       • Click “Register”.
  4. Business Information
     Fill out your business information. Some of the information may already be pre-filled for you. Click “Continue”.
     Required Fields Include:
       • Business Name
       • Merchant ID
       • Zip Code
       • Email Address
       • Username
       • Password
       • Re-enter Password
  5. Terminal Information
     Answer the 3 questions about your credit card machine or the way you accept credit cards. Click “Continue”.
  6. Pre-SAQ Questions
     Answer the Pre-SAQ Questions and CaaS will place you in the correct Self Assessment Questionnaire (SAQ).
     If you know which SAQ you belong in, you can select it manually by clicking “Manually Select SAQ”.
     When finished, click “Continue”.
  7. Summary
     In Summary, the SAQ has been selected for you from the answers given in the Pre-SAQ Questions step.
     If you don’t agree with the bullets in the Summary about your business, please click the “Back” button at the bottom of the page to re-answer the questions more accurately.
  8. Summary
     You can manually select the SAQ that fits your business by clicking the check box in the “Manually Select SAQ” box.
     By putting your cursor over each SAQ Type you can then read the Summary for that SAQ Type. To select, click on the button for the SAQ Type you desire. (Must have the “Manually Select SAQ” box checked.)
  9. Merchant Dashboard
     After you have established a username and password, log in to CaaS. Once you are logged in, your Merchant Dashboard will show you the necessary steps in becoming Compliant.
     Required Steps:
       • Missing Signature
       • SAQ
       • Scan (if available on your Dashboard. Required for Merchants processing via IP/Internet instead of a Phone line.)
  10. Merchant Dashboard: Verify Email
  11. Verify Email
     Verifying your email is to confirm we have a good email address on file. We use email to continue to notify merchants of compliance data or merchant status that may change from time to time.
     If you have not received the confirmation email, please click “Send/Re-send Verification Email”.
  12. Merchant Dashboard: Missing Signature
  13. Missing Signature
     Merchants must read and agree to the terms and conditions of the portal.
       • Click the “I Agree” check box.
       • Sign in the white box with your cursor.
       • Click “Save”.
  14. Merchant Dashboard: Self Assessment Questionnaire (SAQ)
  15. Self-Assessment Questionnaire (SAQ)
     SAQ Instructions
       ✓ All Answers must be answered with a “Yes” or “N/A” response in order to become Compliant.
       ✓ Any Answers with a “No” response will NOT be considered Compliant and will require remediation so that the response can be changed to a “Yes” or “N/A” response.
       ✓ If any questions are answered with an “N/A” response, an explanation as to why the question does not apply to the Merchant will be required.
  16. Self-Assessment Questionnaire (SAQ)
     Complete each question by clicking on the Question Title itself, then answering the question with a “Yes”, “No”, or “N/A” response. To display all questions at the same time, click “Show All” in the top right hand corner of the Questions container.
     If you still have a question after reading the Question and Explanation, click the “Ask Question” button in the bottom right hand corner of the Question box.
     Once you have finished the questions, click “Continue” at the bottom right hand corner of the screen. You may also choose to select “Finish Later” to save what you have answered and return to the Merchant Dashboard to complete at a later time.
  17. Self-Assessment Questionnaire (SAQ)
     If you receive this message after completing the SAQ:
       • Click “SAQ Remediation”.
       • Answer the remaining unanswered questions.
     OR
       • Any response answered with “No” must be remediated so the Merchant can change the answer to a “Yes” or “N/A” response in order to become Compliant.
  18. Merchant Dashboard: Scan
  19. Scan
     To Schedule a Scan:
       • Click on “Schedule Scan” in the Menu Bar.
     To Review a Past Scan:
       • Click on the date of the Scan you would like to review.
  20. Schedule Scan
     Follow the prompt to select your settings for the scan and finish by clicking “Schedule/Run Scan”.
  21. Scan Details Review
     View each vulnerability by clicking on the risk level (colored boxes), then click on the name of each vulnerability beneath.
     To download the report, click on “Download Report” in the title bar.
     To send a support request or report a false positive, use the Support Request section at the bottom of the page.
  22. Merchant Dashboard: Downloads
  23. Downloads
     To download a Compliant Certificate, click on the “Completion Certificate” icon.
     Merchant must become Compliant before CaaS will allow download.
  24. Merchant Dashboard: Merchant Overview
  25. Merchant Overview
     Merchant Overview will allow you to see all of your information as it is stored in CaaS. In addition, you can set up additional users, view status of SAQ and/or Scan (if applicable), and Overall Status.
  26. Merchant Dashboard: Manage Users
  27. Manage Users
     To add additional Users: Click “Add New” next to the Search button.
     To Search for a User: Enter the name of the User you would like to search for and click “Search”.
     To edit a User select the icon in the EDIT section. To delete a User select the icon in the EDIT section. To reset the password for a User, select the icon in the EDIT section.
  28. Merchant Dashboard
     If you need to change your SAQ Type as it is no longer correct, click “Change SAQ Type” and the Portal will direct you back through the Pre-SAQ Questions again.
  29. Who We Are
     Megaplan-IT, LLC is a PCI SSC Certified network security and compliance firm that specializes in PCI DSS Compliance, Penetration Testing, Secure Web Development, Cloud Solutions, HIPAA Compliance, and other high-level IT auditing and risk management services. With over fifteen years of applied experience in the field of network security and compliance, the Megaplan-IT team is comprised of highly-skilled and well-trained information security professionals who will work collaboratively with your company and maintain open and direct communication throughout the project. Megaplan-IT QSAs are trained in Version 2.0 of the PCI-DSS Requirements.
     To learn more, visit us today at https://megaplanit.com
  30. Why Choose Megaplan-IT
       • Cost: Megaplan-IT includes key services for free with each assessment. This approach provides our clients with huge savings and ensures that all compliance requirements are met.
       • Quality: Megaplan-IT provides the most accurate security risk assessment services at the most competitive prices. We stand by the quality of our reporting from start to finish.
       • Service: Megaplan-IT clients never wait for a skilled consultant or QSA to be assigned. Our team is available to assist you when the need arises. 100% Satisfaction Guaranteed.
       • Mission: Megaplan-IT's mission is to build an ongoing relationship with our clients by successfully completing a wide range of security and compliance goals on a recurring annual basis.
     To speak with a consultant now, please call 800-891-1634 or email sales@megaplanit.com