PCI v4.0 for Acquirers: What to Expect for You and Your Merchants

Watch this to get answers about the most important questions around running a PCI program with the new v4.0 standard.

Pick a PCI Program provider that is ready for PCI DSS v4.0.

Watch this webinar for a conversation addressing the most important questions around running a PCI program with the new v4.0 standard.

Join Robbi Watson (Head of Business Development) and Scott Robinson (Director of Customer Success), where you'll:

  • See why customers are switching to SecurityMetrics for PCI v4.0
  • Learn about v4.0 changes that may impact your program
  • Get a sneak peek of our v4.0 SAQ portal
  • Discover how we’ve improved our user merchant experience

This webinar was given on January 26, 2024.

Transcript

Hey. What's up, everyone? My name is Robbi Watson, and I'm joined by Scott Robinson. Today, we're gonna demonstrate and show you guys why folks are switching to SecurityMetrics for PCI four dot o. So, Scott, how is SecurityMetrics feeling about the switch to PCI four dot o?

You know, we're excited.

We've never been better and more prepared for this one. And we've done them before, right, all the way through all the different versions. And this one, it was different. We really sunk into it. We made changes that were important, that we think would make the merchant experience a lot easier and a lot more, lot less complicated is a better way to say it.

So we're excited. I'm excited to get it out there, excited to get it going, and let merchants get into it.

Great. Will the experience in the partner plus portal change at all?

Partner plus portal is not gonna have a lot of changes to it. We're gonna add a couple more graphs to it that are gonna show the shopping cart inspect information for that new eleven point six requirement. But other than that, it won't be any different. You'll still be able to pull all the information you want like we've always had. And so, as far as that goes, nothing's different.

Well and I always tell people how easy it is to switch to SecurityMetrics. So I know we've switched to a few different standards over the years. So what are we doing to make that transition to four dot o a lot easier for partners and their merchants?

Beautiful.

So let's start with merchants because merchants are where the partner really gets their frustration from. Right? Merchants come in. They're already struggling with PCI.

PCI is tough to get through, and we make it as easy as we can possibly make it for them. But the merchants will complain if it's too difficult. There's gonna be some new standards involved in this one. There's a new requirement, especially for the SAQ A and ecommerce merchants in general.

Right? But the A merchants now get a scan that they have to deal with, which shouldn't be too difficult, but they're gonna complain a little bit.

So we've made that super simple. We've always been able to handle scanning merchants. Anybody that's ever had a scan through us knows that our scan techs are on top of it. They will help you.

They will get you through it. We have that award winning support team that's gonna walk them through SAQ questions. So not worried about that one so much. Right?

But we did take the if they've prefilled out SAQ three point two point one in the past and they come over to four point o, if you have got, if you've answered questions that are on both, they're gonna map over. And that's gonna reduce that time.

So what you're saying is if I've already completed three dot two dot one, I only have to answer the new four dot o questions. That's it. That sounds pretty easy, Scott. That's simple. Yeah. I like it.

Cool. How about for the partner side?

Partner side really isn't much different. We did ease some pain with the AOC portion.

There was a last page on the three point two point one version that said card accept, you know, the accept card page, which everybody kinda got up in arms over. We moved that behind the AOC portion because it really doesn't matter if they filled that out. If you've answered the question, you're compliant. Yeah.

Right? And so that's been moved out of the way. A lot of our partners don't require the merchant have to pull out the AOC until they've had a breach event, and most don't. And so, that portion of it's behind a wall shouldn't mess with it.

It shouldn't be a problem to them. The partner can still get to all the documents, so none of that's changed.

It's really just letting us know when they're ready to turn things on and when we turn it on for them. It's live and running.

Yeah. So I know we've been in product with this for over a year, or at least it seems like over a year. Right. And we're making things a lot easier by just transitioning over all the existing questions, and then, bam, you should have to answer the several new questions.

So that sounds like a really easy way for merchants to get compliant. A little headache on the partners actually should be a good selling point for the partners, for the merchants to validate compliance. So what do you think? So you've described scanning for SAQ A merchants, some of the requirements in section six and eleven for more shopping cart ecommerce security. What do you think is the hardest part about PCI compliance four dot o for these merchants? Is it that scan or e com?

Well, the scan is probably the toughest thing for the e com merchant. Right? The SAQ A merchant. They've never had to deal with one.

Now all of a sudden, I've gotta deal with a scan. So this is new. This is different, and different is a little scary. Right?

And so we've been doing it for years. The scariness shouldn't be there other than their own little worries. Most of them are gonna pass. Shouldn't be a big deal.

In twenty twenty five, when the shopping cart actually takes effect, those are the ones that are gonna have to go, oh, okay. I gotta fix something. Right? But they've got a two, you know, they got a year here to, they'll get the scan.

They can run the scan. It won't affect them this year, but next year, it will. So if they see a problem, they should get in and fix it. Understand what that problem is.

Call us. Let us help you. And then when you get to twenty twenty five and that becomes a piece that's going to count against you, you've already gone through it. You're done.

It's simple.

So I'm gonna turn the time over to Jeff. Jeff is a senior product manager here at SecurityMetrics, and he's been in the weeds with PCI and all the four point zero changes. And he's gonna illustrate and show you how we've made PCI four point zero extremely easy for your merchants to complete.

Take it away, Jeff.

Yeah. Thank you, Robbie. I'm excited to show some of these updates that we've made. We've really tried to do our very best to make the process for merchants to transition over to four point o as simple as possible.

And I think we have a lot of good things you'll be excited about here. There were a few changes that we made that were specific to four point o that we really just had to do as part of that transition.

Some of those were SAQ A merchants needed to set up their scans. That's a new requirement for SAQ A merchants, as well as updating our policies and procedures, and then, of course, updating all the questions to meet the four point o requirement.

But what I'm really excited to share with you today are some of the usability changes that we made within the portal. That should make it a lot easier for merchants to navigate and use the portal. One feature I'm really excited about, and let me give a little bit of context on this before we dive into it, is with four point o coming out, there's a whole bunch of brand new questions. But what we've done is we have mapped over questions from three two one over to four point o. So what I mean by that is if you answered a question affirmatively in three two one and nothing has changed in how you process or handle credit cards, we have mapped that question over to pre answer it in four point o.

And that's really helpful. And as we come in here into the portal, we have two features, a one page view and hide compliant answers. So you may only have a handful of questions that you need to answer with four point o because we've mapped those over. And so you can click this one page view just to show all the questions sections one through twelve.

And then also you can hide compliant answers. So all those questions that were mapped over, we hide those so you can focus on the ones that you need to answer to become compliant. Another thing that we've updated is the section navigation. You can see over here on the left, we have a list of all of the sections in the SAQ.

So we've got policy, physical access, and so the merchant can see over here what the different sections are and click on each of those sections to navigate to each of them.

And it will show a check mark when that section has been completed so they'll know what their progress is throughout their SAQ. With four point o, the PCI Council has provided applicability notes, which just gives a little bit more context for each of the requirements in the SAQ. We decided to include those in each of the requirements that have applicability notes. You can see it here.

It's a drop down. If the merchant is curious or wants to learn more about that applicability note, they can click there to see what the PCI Council has provided for them. And the last thing that I wanted to show here is we made a few updates to the reporting section. We just reordered some of the different reports.

The most common report that's downloaded is the SAQ and the AOC. And those are both now combined into one document, and the merchant could come in here and click on that. They're able to fill out information that's relevant to their AOC. One of the important things that we do here is we go directly to the PCI Council's website and get the PDFs from the PCI Council, and then we fill in information the merchant has provided to us in that PDF and then provide that to the merchant once they download. Those are the updates that we have for you today. We're really excited to share these with you, and thank you, Robbie, for having me join in today.

Thanks, Jeff. So, Scott, let's go back over to you. So let's talk about our customer success management team and support. So how are we supporting partners through this transition, and how is our support team, which is available twenty four seven, three sixty five, how are they supporting merchants going through this process?

So as far as the customer success management team, we have been a team for quite a while. Most of my team members have been with SecurityMetrics for twelve plus years, and so they know what they're doing. They know what they're talking about. And we have one standing rule.

We don't care what size of a partner you are. We treat you as a partner. We're not looking at size. We're not looking at how many merchants you have.

We're gonna answer your emails, and we're gonna answer your phone calls.

We believe in that. We've always been that way. And if that doesn't happen, call me. Let me get on that.

But that's how it should be. Right? And so we don't expect the process from our side and the service that they've been giving thus far is gonna stay the same. We're just gonna give that outstanding service.

I'm a very service oriented person.

And so for the merchants, the support team, I can't talk enough about how great the support team is.

Since I came into this position sixteen years ago, the support team has always been something that all of our partners have raved over. And I can't thank the support team enough for what they do for merchants.

And our partners are the same because they know that if we can handle it on our side, the merchant's not gonna call them and give them any uplift about it. And so we'd rather talk with them here and take care of them, and that's gonna stay the same.

Yeah. It sounds like most of our support calls we try to handle on that same call, and we try to answer that call. I mean, I think our average speed to answer is eighteen seconds, but usually those calls are answered under ten seconds. So it seems like a good experience that they're having.

It's a great even when I call the support team, I always get the same question at the end of my call after they've answered my question. Scott, what else can I do for you today?

Well, then you usually give your cell phone number out to partners so that they can text you in the middle of the night.

Right? Of course. Yeah. I love being called.

So, you talked a little bit about the changes with four dot o for merchants, typically around, well, I guess, mostly around ecommerce. So what are the products SecurityMetrics has to help our partners' merchants meet some of those new four dot o requirements?

We've always been an authorized scan vendor, so scanning has always been a part of our product lineup. But we're adding to that the shopping cart inspect products. Right? Because that handles the new requirements in section six and section eleven.

And so those products are new and unique. Nobody else does it like we do. And so we're excited for the merchants to get a hold of that and touch it and feel it and understand what that brings to their risk level. It brings their risk level down.

It brings them into a more secure arena.

Yeah. And, from some conversations I've had with partners, it sounds like it's very frictionless. You kinda just turn it on and it works, and it can detect threats before a merchant actually gets breached, which can be super helpful. And it makes sense why they've kind of made that into a new requirement coming into four dot o where everything's going from card not present or sorry, from card present to card not present. So Right. So awesome. So where can I find more info to prepare for PCI four dot o?

Well, there's, if you go to the SecurityMetrics website, we have lots of information in there concerning PCI and four point o and all the changes. Our marketing team has done a fabulous job of getting this information up there for you. And so, you know, don't hesitate to get to that section of it. For partners, call your CSM. We'll get you whatever information you need.

Thanks so much for joining everyone. And, Scott, thanks so much for answering all those questions on four dot o.

Thank you for inviting me.

As Scott said, there's plenty of resources on our website. Looking forward to seeing you all next time.