PCI Compliance Services - Merchants

Multiple Outlet Merchants
Sysnet have amassed a significant amount of experience working with merchants with multiple locations and multiple merchant IDs (MIDs). PCI DSS is quite challenging for a single-location merchant handling data; however, having multiple locations or multiple channels of payment acceptance often complicates matters further. There are four main complexities that must be considered for merchants with multiple MIDs, and Sysnet’s service package is highly focused on ensuring that the best possible support is given in order to address these complexities.

1. Is the payment technology identical or different at each location?
For example, if each outlet uses the same Stand Alone terminal solution or integrated POS solution, this allows us to make common assumptions with regard to certain clauses of the standard and to roll out a common remediation plan that can be easily coordinated by head office. However, if some outlets use new systems and some use legacy systems, the impact on compliance needs to be considered and a more outlet-focused compliance plan must be generated.

2. What are the specific acquiring bank’s reporting requirements?
Technically speaking, the payment schemes require that a PCI Self Assessment Questionnaire (SAQ) be produced by each individual MID, as the report that acquirers provide to the payment schemes is broken down by MID. However, some acquirers allow the head office to produce one SAQ. At Sysnet, we make sure to contact the acquirer and agree the requirements up front. Furthermore, even if the acquirer only requires one SAQ, we have a simple mechanism for producing multiple SAQs so that if, in the worst-case scenario, a breach occurs, we can demonstrate that an individual SAQ exists for each MID. This is obviously much easier if the infrastructure is identical at the outlet level.

3. Is there an internal scan requirement?
Another very important consideration for multiple outlet merchants is whether or not there is an internal scan requirement. Many merchants use IP-based terminals, and because of this, internal scanning on a per-terminal basis is a factor in their compliance programme. Sysnet recognise this as a common stumbling block for multiple outlet merchants, and as a result we have put together a very flexible scanning package that offers great value for money.

4. Are PCI DSS requirements and policies understood across the outlet network?
A common issue that multiple outlet merchants face is ensuring that PCI DSS requirements and policies are understood across the outlet network. This is especially important for franchise arrangements where a security incident at an outlet level could have negative impacts across the brand. Therefore, as part of our package of services for multiple outlet merchants we provide outlet managers with PCI DSS awareness training at outlet level. This involves managers attending Sysnet training at head office or a convenient location. We can also feed into existing training programmes offered by head office to minimise disruption.

The result of this training is that managers come away with a clear understanding of the common risks associated with PCI DSS, the plans of the company as a whole to meet compliance, and their specific responsibilities for protecting cardholder details at an outlet level. When training is complete, we reward the individuals and outlets with certifications of compliance, which demonstrate to staff and customers that cardholder data is being protected.

We provide tailored packages to meet the specific needs of multiple outlet merchants.

For further information on our PCI compliance services and Merchant packages, please contact one of our Sales representatives by calling +353 (0)1 495 1300 or by completing our Online Enquiry Form or Request a Call Back Form.

Alternatively, for a full list of contact details for our worldwide offices, please click here.

Also, please feel free to visit our resource centre for helpful articles, latest news, videos, wikis, case studies and useful links related to industry topics and terminology.
