Stax PCI Compliance Toolkit Walkthrough

Purpose


This Help Center article provides a guide for organizations working on their PCI DSS validation, with a focus on PCI Toolkit account creation and the business profile. PCI Toolkit Link HERE.

Process


Logging in for the first time

Each organization will receive an automated email from do_not_reply@conformancetech.com with login instructions to access the PCI Toolkit. Initial access will require you to create a new password, with the email address being the user name.

Once logged in, you will see your PCI Toolkit Dashboard page with information on next steps and a link to an informational video.

Completing the Business Profile


You will need to complete your business profile by answering questions about how you accept payments.

Follow the 10 simple steps below to complete this:

Completing the Self-Assessment Questionnaire (SAQ)


Once Step 1 is completed, you should receive a pop-up that confirms your business type is "SAQ A." If you are told that your SAQ type is anything other than "A," please reach out to help@shelterluv.com immediately for assistance.

Then, you will be redirected to your dashboard, where you can complete your self-assessment questionnaire (SAQ):

  1. From the dashboard, click on “Next” under step 2. The number of questions is based on the questionnaire answered during step 1; it should be about 30 questions in total.
  2. When answering the questions in the Questionnaire, you may feel free to simply answer "Yes" unless you are sure that an answer should be "No." If you answer "No" to any of the questions, you will have a follow-up task on your PCI dashboard to take care of that item before you can become certified as compliant.
    1. The only question where you will most likely choose "No" is the question asking if your organization currently performs regular network vulnerability scans:

      1. Selecting "No" for this question (and the question right after it) is acceptable and should not result in any follow-up tasks.
      2. If you currently perform vulnerability scans, feel free to choose "Yes."
  3. Once the questionnaire is completed and any follow-up tasks have been completed, you will then need to attest to your compliance. To do this, click on “Click here to attest” under Step 5 on your dashboard:

Network Scan


After finishing your questionnaire, you will undergo a scan of your website/network. These scans will then occur on a quarterly basis moving forward.

  1. To begin the scan, click “Next” under the column “Step 3 Scanning”:

  2. On the “Submit IP/Domain Information” screen, you will be asked to fill out the IP or website address for scanning. Select the Website address bullet, enter new.shelterluv.com into the text field, and then click “Submit.”

  3. After scheduling a scan, the site will redirect you back to the dashboard. (As noted on the “schedule a scan” page, scanning results can take up to 24 hours to populate into the portal; however, in most scenarios, results will populate by the beginning of the following business day.)
  4. Once back at the dashboard, you can then click on the “Scan Info” link.

    When you click this button, PCI Toolkit will show the date the scan will be assessed and/or allow you to schedule another scan if needed.

  5. Once scan results are available, the dashboard will show if the scan has passed or failed.

  6. If the scan fails, you can click on Scan Info and get a report of the vulnerabilities needing to be addressed:

    If the scan passes, you can proceed with attesting to your compliance and obtaining your certificate.

Maintenance


The SAQ must be renewed annually, and the external vulnerability scan must be completed quarterly. You will receive an email notification at the email address associated with your PCI Toolkit in advance of these actions becoming due.

If any questions arise, please don't hesitate to contact us at help@shelterluv.com.