HackerGuardian PCI Compliance Wizard
How The HackerGuardian PCI Compliance Wizard Works
The HackerGuardian PCI Compliance Wizard is an intuitive web-based application that guides merchants through the PCI Self-Assessment Questionnaire (SAQ) and provides a custom remediation plan. Each question is accompanied by expert advice to help the merchant interpret and appropriately answer it. At the end of the wizard, you will find out immediately whether or not your organization is PCI compliant.
The wizard provides:
- Expert Questionnaire Help - clarifies the toughest questions with easy to understand explanations
- Custom Remediation Plan for your company containing:
  - A comprehensive list of remedial actions that you need to take to obtain full PCI compliance
  - Links to recommended products and services that will help you cost-effectively
- Ready-To-Submit self assessment that you can send to your bank
Your progress is automatically saved after each question - allowing you to complete the questionnaire on your schedule. Your free account and responses are retained, giving you an opportunity to revise and modify any of your answers. This allows you to update, schedule, and track the progress of outstanding remediation tasks.
New users register first to create a free account. Existing HackerGuardian customers should enter their username and password on the enrollment form. A new 'SAQ' tab will be added to the HackerGuardian interface.
What is a PCI Self-Assessment Questionnaire?
The Self-Assessment Questionnaire (SAQ) is a document that merchants are required to complete every year and submit to their Acquiring Bank.
The questionnaire consists of a set of 12 security requirements grouped into 6 broader sections, with each section targeting a specific area of security from the PCI Data Security Standard. All sections must be completed.
Completing a Self-Assessment Questionnaire helps Merchants do two things:
- Evaluate their security practices and plan compliance with the required PCI Data Security Standard
- Complete the required SAQ - giving others, such as their Acquiring Bank, the necessary evidence that they are in Compliance with the PCI Data Security Standard.
There are 5 different versions of the self assessment questionnaire. The version that your organization will need to complete depends on how your company handles credit card data; this is called your 'Validation Type'. For some merchants, the appropriate questionnaire is short and simple, while for others it is long and technical. The first five or six questions in the compliance wizard will quickly determine your company's validation type and then automatically begin the appropriate questionnaire.
What are the criteria for passing or failing the questionnaire?
Merchants have to pass (or be able to answer 'Not Applicable' to) ALL questions to be considered compliant with the PCI Data Security Standard.
Failing any question means the merchant or service provider is not compliant. The risk(s) identified by the questionnaire must be remedied and the questionnaire retaken.
What are the steps I should take to become PCI Compliant?
1. Register for a free Self-Assessment Questionnaire license, then log in to HackerGuardian by clicking the 'Login' button at the top of the page. Click the 'SAQ' tab, then complete the questionnaire according to the information contained in the Self-Assessment Questionnaire Instructions and Guidelines.
2. Complete a clean vulnerability scan with a PCI DSS Approved Scanning Vendor (ASV), and obtain evidence of a passing scan from the ASV.
3. Complete the relevant Attestation of Compliance in its entirety (located in the SAQ).
4. Submit the SAQ and the accompanying Attestation of Compliance along with evidence of a passed vulnerability scan and any other requested documentation, to your acquiring bank.