Trustwave Merchant Validation/Certification Portal
About Trustwave
Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions.
Trustwave has helped thousands of organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit http://www.trustwave.com .
Trustwave has partnered with Sage Payment Solutions in order to bring their services to a broader base of merchants in a cost-effective manner. The partnership is simply an alignment of a mutual goal: To help merchants become PCI-DSS compliant. The role of Trustwave as a QSA and Sage Payment Solutions as a Merchant Acquirer (credit card processor) have not changed as a result of this partnership. Trustwave is required to continue to meet their QSA responsibilities in accordance with the PCI SSC requirements, and Sage Payment Solutions must ensure all of our merchants are PCI-DSS certified. NOTE: Sage Payment Solutions has no means or ability to interfere or otherwise influence Trustwave in regard to any requirements or actions necessary for them to administer and validate any merchant to the PCI-DSS.
The Sage Payment Solutions-Trustwave Partnership
We partnered with Trustwave to provide PCI-DSS services to our merchant base this year (and going forward) for a number of reasons:
Trustwave created a PCI-DSS wizard that (depending on how you answer) provided merchants with a means to shorten the questionnaires (Self Assessment Questionnaire – SAQ) by not having to answer questions that do not pertain to them.
Trustwave provides a downloadable executable (TrustKeeper Agent) that can scan the merchant’s internal system and help populate some of the SAQ. In addition, the TrustKeeper Agent runs monthly to continue to help alert merchants to potential issues that may not have been present during the last scan. Again, this service is part of the base PCI-DSS annual fee.
The size of our merchant base enabled Sage Payment Solutions to provide a steep discount over the generally available pricing currently in the market.
Sage Payment Solutions negotiated a discounted fee for a service that retails between $100-200+. As PCI-DSS certification is required by all merchants each year, we feel confident that the service cannot be found elsewhere for less, nor can the features/benefits of the service be matched.
That said, there are many approved Qualified Security Advisors (QSA’s) and should any Sage Payment Solutions merchant wish to source PCI-DSS services with any of these QSA’s, Sage Payment Solutions will refund $40 of the $50 fee charged to your account. $10 of the base fee charged will be used to offset the cost of a Compliance Representative having to verify the PCI-DSS certificate with an alternate QSA.
Questions or concerns regarding the PCI program may be directed to pcicompliance@sagepayments.com .
Integrated Merchant Validation Portal
From a merchant standpoint the requirement to validate to PA-DSS, PCI-PTS and to certify to PCI-DSS are all the same. Previously a merchant could complete their PCI-DSS certification, fail the PA-DSS portion, but still receive their PCI compliance certificate. This is because PA-DSS is not enforced through the QSA or PCI-DSS.
Given the confusion, Sage Payment Solutions felt it was imperative to streamline the overall process. Although Sage Payment Solutions has not halted the PCI-DSS certification process, on or around June 21st, the Trustwave Portal will integrate questions around PA-DSS and PCI-PTS.
If you successfully validate both PA-DSS and PCI-PTS, you will automatically be enabled to proceed with PCI-DSS. If you fail to validate PA-DSS and/or PCI-PTS, the Sage Payment Solutions Compliance Group will be notified and will reach out to you to help remediate/resolve the non-compliance. You will not be permitted to proceed with your PCI-DSS certification until you have validated to both PA-DSS and PCI-PTS and/or remediated/resolved any non-compliance.
Access the Sage Payment Solutions Merchant Validation/Certification Portal .
Participating Sage North America Product Portal Links
A coupon on the site will enable you to receive the first year of PCI-DSS certification services for free if you choose to become a Sage Payment Solutions customer within 60 days of your PCI-DSS certification date. Details are included on each co-branded site.
Please select the Sage North America product you currently have to be re-directed to the co-branded Trustwave-Sage North America landing page:
