VigiOne for PCI DSS Merchant Compliance

VigiOne as Merchant Compliance Platform (MCP) for PCI DSS is a Web-based platform created to allow merchants to quickly and simply validate compliance with the PCI DSS (Payment Card Industry Data Security Standard) which they are required to do by their acquiring bank and the card service providers’ regulations. It has been created by VigiTrust security and compliance experts, with regular input from PCI DSS QSA partners. The MCP includes a suite of features that simplifies and centralizes the compliance process for any merchant, group of merchants or organization wishing to demonstrate compliance to PCI DSS.

VigiOne is modular and configurable. VigiOne is designed to enable organizations to manage compliance to multiple data standards and information security regulations with one single program and platform. This often means that such organizations start using VigiOne to manage to one single security standard and then evolve to add others as appropriate. One common and very successful concept has been to use VigiOne to manage compliance to PCI DSS. In such a case, the features of VigiOne are very specific to PCI DSS.

Using the MCP the merchant will provide access to a number of key features required to validate compliance:

eLearning: educate staff as to what PCI DSS is and how to protect card holder data and confidential information

SAQ functionality: The MCP has in-built versions of all SAQs and guides merchants to the SAQ they need to complete by asking them key questions about how they take credit card payments. Merchants can complete the SAQs online and download, print out and/or mail the completed documents.

Integrated learning management system (LMS) that links awareness and understanding with policy implementation. Interactive, multilingual eLearning courses with testing and certification. PCI DSS eLearning tailored for multiple user types, payment staff, program managers, technical staff, senior executives, merchants and franchisees (one sample course included; contact VigiTrust for additional courses and licenses).

Policy and procedure management tool that allows for the tracking of alignment and standardization of policy and procedures where possible with local, regional and functional variation where required. The system comes preloaded with some standard PCI DSS policy templates that are relatively easy for merchants to customize for their own use. The MCP enables merchants to download and assign a status to generic security polices (i.e. in place/not in place) All documents are based on VigiTrust templates. Merchants or organizations can upload their own versions of these policies or other relevant policies as required. (This module can be customized for non-standard set-ups; contact VigiTrust for more information).

MCP allows the generation and completion of all of the PCI DSS SAQ Types for merchants and Service Providers:
- SAQ A, SAQ A-EP, SAQ B, SAQ B-IP, SAQ C-VT, SAQ C, SAQ P2PE, SAQ D for Merchants & SAQ D for Service Providers.

Includes a wizard to assist organizations determine which SAQs are appropriate for them.

Includes a Secure Evidence Library where files containing documentation, reports, images, statistics, vulnerability scans etc. can be stored as evidence and dynamically linked to requirements, controls and tasks. This includes the capability to set up, store and track Compensating Controls as dictated by the regulations.

Task assignment and management tool with calendar allowing users to set up one-off and recurring tasks that can be assigned to individual users and business units with priorities and deadlines. These can be used to manage and track compliance and remediation activity but also to ensure that recurring tasks such as training, testing, vulnerability scanning and SAQ completion are scheduled and managed.

Full reporting, configured by user type and with dynamic features for customization and drill down. Full data export functionality for more detailed analysis. The reporting feature has in the past been customized at the request of selected clients tracking compliance across thousands of merchants often in diverse industries or spread across many countries, currencies, languages etc.

Multi-level dashboards with statistics, trends and charts, again with drill down and export functionality.

Multilevel organizational and user management with features such as self-service user management, authentication and single sign-on where required.

Click on the items below for further information on VigiOne and PCI DSS in our Document Library.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
csrftoken	1 year	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
mgref	1 year	This cookie is set by Eventbrite to deliver content tailored to the end user's interests and improve content creation. It is also used for event-booking purposes.
visitorId	1 year	ZoomInfo sets this cookie to identify a user.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
G	1 year	Cookie used to facilitate the translation into the preferred language of the visitor.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_gtag_UA_59241235_1	1 minute	Set by Google to distinguish users.
_gat_gtag_UA_89738490_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_s	1 year	This cookie is associated with Shopify's analytics suite.
ajs_anonymous_id	never	This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_id	never	This cookie is set by Segment to track visitor usage and events within the website.
ajs_user_id	never	This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.

Cookie	Duration	Description
_ad_session	session	No description available.
_cfuvid	session	Description is currently not available.
active_demand_cookie_cart	1 hour	No description
activedemand_session_guid	10 years	No description available.
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
debug	never	No description available.
lfuuid	9 years 3 months 9 days 10 hours	No description available.
li_gc	2 years	No description
session_uid	20 years	No description available.
timezone	1 month	No description available.
timezone_offset	1 month	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.