Panoptic Security - Products
The Merchant Experience
Becoming PCI compliant is a big challenge for merchants. Any merchant that takes credit cards as a form of payment must fill out a Self-Assessment Questionnaire (SAQ) and, depending on the complexity of the merchant's system, must execute a network vulnerability scan. For many merchants, this process involves terms they do not understand, complex questions covering networks, firewalls, ports, and subjects better fit for an IT professional. Despite the value of keeping customer card data safe, the PCI process is commonly viewed by merchants as time consuming, frustrating, and a pain in the butt.
Panoptic designers kept this reality in mind when creating ExpertPCI. Our guiding principles were: Simplify the PCI process, use all available data to Shorten the task, and Guide the merchant along the path of least resistance.
Asking merchants to be IT professionals is not a viable solution to PCI compliance. Loading 280+ questions into a PDF won't get better results, and neither will a call center. Make the subject matter and questions easier to understand. Present them in plain English. Provide the shortest path to an accurate completion.
Fastest & easiest SAQ in the industry (See SAQ Process for details.)
The SAQ ranges in complexity from A to D, A being the easiest and D being the most complex. The SAQ A applies to merchants who never see credit cards, or who use a third party to handle transactions, and has only 13 questions. The SAQ D has over 280! You can imagine how shortening this process leads to higher rates of completion.
ExpertPCI uses a unique approach, helping the merchant by suggesting answers to some of the SAQ questions. How can we do this? Our security experts have built a library of characteristics for hundreds of common POS (Point-of-Sale) terminals, payment applications, and gateways. These characteristics can be directly associated with various SAQ questions. Our security experts have pre-loaded these logical relationships into the ExpertPCI software. When a merchant tells us what POS system they use, we can often suggest answers to dozens of SAQ questions just from accessing our electronic library. (To learn more, see the SAQ Process page.)
Using ExpertPCI, compliant merchants are asked to answer an average of 50% fewer SAQ questions. (That could mean 140 fewer questions!) The merchant must still review and agree to each answer, and can always change any suggested answer. It's not surprising our completion rates are three times the industry average.
In-depth help materials (question-specific help & explanation of terms)
The designers of ExpertPCI created a substantial help and definition resource for merchants. Hovering the mouse over an unknown term shows the merchant a help dialog box. Our security experts define each term using common language. This function can be accessed throughout the site.
SAQ questions include help text explaining the intent of the question, giving examples of how it might apply to a merchant's business, and providing the merchant instructions on how to answer the question.
Live chat for users
Phone calls can be very intrusive for a merchant trying to run their business. Customer service calls from PCI reps are almost always treated with annoyance. Instead, merchants prefer a customer service resource available whenever they choose to use PCI software. Chat is available anytime the merchant chooses to log into the site. Furthermore, CS reps can see the merchant's screen, allowing them to pinpoint the merchant's location in the process and quickly answer very specific questions. This saves the merchant from having to call in and provide long-winded descriptions of their problem and location in the software. (A 1-800 number is provided, but Live Chat is encouraged and displayed inside the software.)
Auto-email system sends merchants log-in reminders, helps maintain compliance
We know that phone calls can be intrusive for a busy merchant. Instead of relying on outbound calls to drive usage, the ExpertPCI system uses internal software triggers to send e-mail communications to the merchant. The SAQ process needs to be repeated once a year. Network Vulnerability Scanning, for those who need it, needs to be completed once a quarter. ExpertPCI tracks the compliance status of each merchant, automatically triggering appropriate e-mail reminders, always including a link to the user account. This reminds busy merchants to enter ExpertPCI and complete their PCI requirements only when necessary.
Custom Fix-It Plans and Security Policies assembled using data from the SAQ
As explained above, ExpertPCI suggests many SAQ answers to the merchant, saving considerable time. The software also tracks merchant compliance data driven by individual SAQ answers and scanning results. Unfortunately, some merchants will fail the SAQ or fail the scan and will require internal fixes before they can achieve compliance. ExpertPCI tracks each of the SAQ questions for every merchant and uses this knowledge to create a Fix-It Plan, assemble a Security Policy, and create an Incident Response Plan. Instead of lumping all of the available remediation information into one huge document, like most PCI providers, ExpertPCI assembles custom documents for each merchant, only including pertinent subjects, vastly reducing the complexity and size of each document. ExpertPCI also organizes merchant Fix-It suggestions from largest (most impactful) to smallest, providing the shortest path to compliance. These resources are available anytime and change dynamically if the merchant changes the SAQ or scan results.
Integrated scanning tool, provided when necessary
Network Vulnerability Scanning has always been a difficult part of the PCI process. Confusion and frustration while scanning generate the majority of Panoptic's customer service questions. Scans are only necessary for SAQ C and D merchants. To keep things simple for these merchants, ExpertPCI provides an intuitive UI that controls all scanning tasks without asking a user to visit another website or wait long periods of time. Scans are automatically scheduled for merchants, who are reminded using an auto-email tool. Passing scans are clearly communicated to the merchant and failing scans come with clear instructions on the cause of the failure and how to fix the problem.
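The reminder logic described above (annual SAQ, quarterly scans only for SAQ C and D merchants, reminders that always carry a link to the user account) as an added illustration; this is not ExpertPCI's code, and the 14-day lead time and the account URL are assumed placeholders.

```python
from datetime import date, timedelta

# PCI cadence as stated on the page: SAQ once a year, scans once a quarter.
SAQ_PERIOD_DAYS = 365
SCAN_PERIOD_DAYS = 90
SCAN_REQUIRED_FOR = {"C", "D"}   # SAQ A and B merchants never need a scan
LEAD_DAYS = 14                    # assumption: remind this long before a requirement lapses
ACCOUNT_URL = "https://example.invalid/account"  # placeholder, not a real ExpertPCI link


def scan_required(saq_type):
    """Only SAQ C and D merchants must complete quarterly vulnerability scans."""
    return saq_type.upper() in SCAN_REQUIRED_FOR


def _lapses_on(last_done, period_days):
    # A requirement never completed lapses immediately.
    return None if last_done is None else last_done + timedelta(days=period_days)


def is_compliant(saq_type, last_saq, last_passing_scan, today):
    """True when the SAQ is current and, if required, a passing scan is current."""
    saq_lapse = _lapses_on(last_saq, SAQ_PERIOD_DAYS)
    saq_ok = saq_lapse is not None and today < saq_lapse
    if not scan_required(saq_type):
        return saq_ok
    scan_lapse = _lapses_on(last_passing_scan, SCAN_PERIOD_DAYS)
    return saq_ok and scan_lapse is not None and today < scan_lapse


def due_reminders(saq_type, last_saq, last_passing_scan, today):
    """Return the reminder types (saq, scan) the merchant should be e-mailed today."""
    due = []
    saq_lapse = _lapses_on(last_saq, SAQ_PERIOD_DAYS)
    if saq_lapse is None or today >= saq_lapse - timedelta(days=LEAD_DAYS):
        due.append("saq")
    if scan_required(saq_type):
        scan_lapse = _lapses_on(last_passing_scan, SCAN_PERIOD_DAYS)
        if scan_lapse is None or today >= scan_lapse - timedelta(days=LEAD_DAYS):
            due.append("scan")
    return due


def reminder_email(merchant, reminders):
    """Build the reminder text; every reminder includes the account link."""
    tasks = {"saq": "complete your annual SAQ", "scan": "run your quarterly vulnerability scan"}
    lines = [f"Hello {merchant}, it is time to {tasks[r]}." for r in reminders]
    return "\n".join(lines + [f"Log in here: {ACCOUNT_URL}"])


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed sample dates
    r = due_reminders("D", date(2023, 7, 1), date(2024, 3, 1), today)
    print(reminder_email("Sample Merchant", r))
```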