Trustkeeper PCI Compliance Guide for Merchants For questions about Trustkeeper and the enrollment process please contact Trustwave at 866-659-9067. 1. Register yourself with Trustkeeper The first step is to register yourself with the Trustkeeper website. To do this go to https://pci.trustwave.com/elavon and then click on the Get Started button. Please make sure you are going through this process on the actual workstation that you will use with the Volo software. This will make later steps easier to complete.
2. Enter your registration details On the next screen you will need to enter your account details. For your Merchant ID please see your welcome materials that you received in the mail or check your monthly statement as shown below. Enter all of the information and press NEXT to continue. 3. Choose how you accept credit cards You will now need to select how you accept credit cards. This new merchant account will be used with the software you have in place for retail, in-person transactions and also via a website with your online store (if you are using one). Given this you would select In Person if you are only using the point of sale module but then select Multiple Ways if you also have an online store in place.
4. Select the processing method You will now need to enter the manner in how you collect payments. If you are using an online store then please enter the options shown in the first section under Multiple Ways. If you are only using a retail, point of sale environment then please jump ahead to the Retail Only options. Multiple Ways (Retail and Online Store)
Retail Only
5. Enter virtual terminal details Please review the questions below and check that the answers we suggest reflect your environment. We are assuming do you not have anything else connected to the computer that runs the Volo software to process credit card transactions for our responses below. 6. Package offering Select the default entries as you have already set up your account through your merchant account with Elavon. 7. Merchant registration Enter a username and password for your profile so you can at a later time connect to the website and work through the wizard as needed. Accept the terms and conditions and then enter your contact information and security questions on the next screen to complete.
8. Begin PCI wizard On the next screen select the Begin PCI Wizard to start the Q&A process to complete your certification. Enter your General Info and then select that you are not using additional service providers or multiple acquirers. 9. Card acceptance summary Select YES to indicate the summary that was collected from our original answers. This may change based on your previous selections.
10. Products Select the Add Product button in the lower-left and then type Member Solutions in the Product or Vendor box. Member Solutions is the company that hosts the software you are using and are PCI compliant. Select Add New to then add a new entry as shown below. Click Submit and Continue to move to the next section.
11. Scan setup For your scan setup it will involve scanning your retail location to validate your physical location. In addition if you are using an online store then you would also scan the store itself to confirm it is seen as secure by the monitoring systems. Retail Scan Details You will now need to enter the physical location. If you did not start this process from the actual computer that will run the Volo software then please exit, go to that workstation, log in and then continue the process. Select Physical Location for the scan location and then enter the following information to provide details about the scan location. Click Scan Now to start the actual scan in the background. NOTE: The details below will change based on your specific account and IP settings.
E-Commerce Web Site Scan Details (if using an Online Store) If you are using an online store then click Add Scan Location to add a second location. Enter your Volo online store details as shown below and then click submit. This will add your online store to the scanning list. 12. Card data storage and processing The following are common responses to these questions. Please confirm your answers to your specific environment and if you are not following the suggestions please change your answer and then provide what remedies the site is suggestion to ensure you are properly handling card data and information. After you complete this the section will be successfully completed.
13. Internet security The following are common responses to these questions. Please confirm your answers to your specific environment and if you are not following the suggestions please change your answer and then provide what remedies the site is suggestion to ensure you are properly handling card data and information. After you complete this the section will be successfully completed.
14. Secure communications The following are common responses to these questions. Please confirm your answers to your specific environment and if you are not following the suggestions please change your answer and then provide what remedies the site is suggestion to ensure you are properly handling card data and information. After you complete this the section will be successfully completed.
15. Wireless security The following are common responses to these questions. In our experience merchant will not use wireless access from the workstation that they run the Volo software on. If you do use wireless please change your responses and make sure you have wireless security in place as suggested. After you complete this the section will be successfully completed.
16. Device and computer security The following are common responses to these questions. Please confirm your answers to your specific environment and if you are not following the suggestions please change your answer and then provide what remedies the site is suggestion to ensure you are properly handling card data and information. After you complete this the section will be successfully completed.
17. Remote access and management The following are common responses to these questions. Please confirm your answers to your specific environment and if you are not following the suggestions please change your answer and then provide what remedies the site is suggestion to ensure you are properly handling card data and information. After you complete this the section will be successfully completed.
18. Physical security The following are common responses to these questions. Please confirm your answers to your specific environment and if you are not following the suggestions please change your answer and then provide what remedies the site is suggestion to ensure you are properly handling card data and information. After you complete this the section will be successfully completed. 19. Policies and procedures The following are common responses to these questions. If you do not have any policies and procedures then please make sure you implement them to ensure that you have the proper controls in place at your location to protect credit card information and data. If you do not have the policies then please mark the appropriate responses and the site will help you suggest how to establish them. After you complete this the section will be successfully completed.
20. Final acknowledgement You will now be presented with a summary screen that will display your responses to all of the questions that were previously completed. Please review the response, select all of the checkboxes in the Eligibility section and then select Acknowledge and Submit to submit and then on the following screen enter your confirmation details and click Submit.
21. Summary status At this point your self assessment has been successfully completed but the PCI vulnerability scan has not yet completed. This is due to the scan still being scheduled and not executed yet. Please log out and return to the site at a later time to confirm when this is completed and successful. 22. Successful compliance and Certificate of Compliance After the scan is completed it will mark you profile as successful. You can then print your certificate and attestation documentation and keep as a record of your successful PCI compliance. Congratulations!