Protect Your Merchants; Grow Your Business

With its industry-leading SecureTrust Merchant PCI Compliance and Security solution as the cornerstone, SecureTrust runs some of the largest Level 4 merchant programs in the world. Through our credit card processor, acquiring bank and independent sales organization (ISO) partners, SecureTrust provides Payment Card Industry Data Security Standard (PCI DSS) compliance validation and information security solutions to more than three million merchants. The Merchant PCI Compliance and Security solution features Trustwave TrustKeeper PCI Manager and integrated security tools to help you deliver and improve your merchants’ overall security posture, while simplifying and automating the process of developing a merchant program customized to your requirements.


of cyber-attacks occur at businesses with fewer than 100 employees


of breaches are point of sale-related

Almost 20%

of merchants lack even basic AV security


  • Being small doesn’t help a merchant elude cyberattacks. In fact, small businesses get hit more often than any other group. Cybercriminals know that they tend to be the softest targets. And targeting them is easier and cheaper than ever before with the rising use of attack automation techniques. It’s as if heat-seeking missiles are tracking down the most vulnerable targets over and over again.

    In today’s cybercrime environment, taking a check-box approach to security is like using a deadbolt on a door made of straw: technically your merchants have met the requirement but they aren’t any more secure. Your ability to offer affordable, sustainable security to your merchants has never been more critical. It’s key to their survival and growth, and can help your business thrive as well.

    TrustKeeper PCI Manager delivers an integrated set of security tools along with PCI compliance validation services expressly designed for small and medium-sized businesses (SMBs). Offering a merchant program with the PCI Manager SMB Security Toolkit helps you achieve:

    • Security to help protect your merchants’ businesses from cybercrime

      The integrated, affordable and easy-to-administer PCI Manager SMB Security Toolkit delivers heavyweight security designed specifically for SMB environments.

    • Simplified PCI compliance workflow for your merchants

      TrustKeeper PCI Manager with the SMB Security Toolkit provides industry-leading PCI compliance validation services that help even the smallest merchants achieve and maintain compliance. The security toolkit is deeply integrated in to the PCI compliance process which helps reduce the number of compliance questions your merchants answer. Implementing the security toolkit is the first step to streamlining compliance.

    • Services expansion in your merchant program

      PCI Manager with the SMB Security Toolkit helps you add recognizable value to your merchants while also improving merchant security. This enhancement to your merchant program can help increase your revenues and merchant retention rate.

    Globe Image


    • Simplifies Security and Compliance

      TrustKeeper PCI Manager with the SMB Security Toolkit makes it simple for merchants to implement security best practices and certify PCI DSS compliance. Our intelligent PCI Wizard walks merchants through the steps that are right for their business type, making it easy for them to understand what needs to be addressed, how they can find the solution, and providing an easy check-off process once the task is complete.

    • Cost-effective Services for SMBs

      The PCI Manager with the SMB Security Toolkit has greater breadth than any other offering on the market. You can take advantage of scalable and flexible bundles to offer an integrated solution with significant value to your merchants. The security toolkit includes 13 different tools including Enterprise-level security made easy, such as File Integrity Monitoring (FIM), as well as remote access security, point-of-sale device monitoring, mobile security, anti-virus and more.

      SecureTrust economies of scale allow us to offer these high-value tools to you at prices that are easily within reach of your merchants. These capabilities could cost up to seven times more if purchased independently from other vendors, while some of the security services designed for SMBs cannot be found anywhere else.

    • Customized for Your Business and Merchant Monitoring

      The configuration of your merchant program is flexible so it can be integrated with your go-to-market strategies. This customization - which includes risk-based outreach, portal co-branding and messaging, data feeds for onboarding and reporting and single-sign-on capabilities - is designed to support your success. Sponsor aggregate reporting gives you the capability for real-time risk management of your merchant portfolio. The Fast Track validation profiles allow you to customize your program and make changes to the PCI Wizard that guides merchants. Fast Track can significantly reduce the number of PCI DSS Self-Assessment Questionnaire (SAQ) questions that merchants must answer, particularly for franchisees or corporate-owned outlets.

    • Backed by SecureTrust Expertise

      Working with SecureTrust is like adding trusted compliance and security advisors to your staff. As a SecureTrust partner, you have access to SecureTrust experts on demand. With more QSAs on staff than any other PCI assessor, we're here to help solve your toughest security and compliance challenges. Intelligence and insight from our secure operation centers, our scanners and our elite SpiderLabs team of security researchers is baked into our products and services. Plus, a day-to-day program management team supports you through each phase of your program. Between your dedicated program team and the SecureTrust global 24x7x365 support staff, access to trusted security professionals and PCI experts is always at your fingertips.

How It Works

  • SecureTrust helps our partners manage the risk of large and diverse small merchant populations so these merchants can achieve security and compliance with industry and regulatory standards. The configuration of a merchant program is flexible so it can be integrated with our customers’ go-to-market strategies. This customization – which includes risk-based outreach, portal co-branding and messaging, data feeds for boarding and reporting and single-sign-on capabilities – all work together for success. This means not only high activation and compliance rates, but also a positive impact on partners’ brand equity.

    Monitor Merchant Progress with Advanced Reporting Features

    The PCI Manager Sponsor View is an aggregate snapshot of your merchant security and compliance program with extensive monitoring and reporting capabilities of your merchants' milestones and other account details.

    Real-time reporting features help you maintain a watchful eye on the progress being made by your merchant populations toward program enrollment, security adoption and compliance achievement levels. Also included are industry standard reports for Visa and MasterCard to facilitate ongoing data needs for the card brands.


    PCI Manager Sponsor View gives you a snapshot of your merchant security and compliance program.

    Key features of PCI Manager with the SMB Security Toolkit

    The SecureTrust process puts security first, which helps to ensure cardholder data is protected and streamlines the compliance process. Merchants who adopt the security solutions achieve significantly higher compliance rates. You can choose whether to include some or all of the 13 security solutions in your merchant program.

    Name Description Application
    PCI Network Vulnerability Scans
    (for up to 3 IPs)
    Certified external vulnerability scans designed to detect and report security shortcomings of the target physical location and/or website from the perspective of a would-be hacker. Internet-connected businesses
    Security Health Check Monitors the basic health of the endpoints to ensure security settings are in-place and active. Businesses with payment applications
    Businesses with computers
    Security Configuration Monitoring Monitors the endpoint’s security configuration against the relevant PCI Data Security Standard controls allowing you to discover and address policy and security weaknesses quickly and holistically on mobile and fixed endpoints. Businesses with payment applications
    Businesses with computers
    POS Application Detection Module Monitors the endpoints for known payment applications and reports on their compliance status. Businesses with payment applications
    Businesses with computers
    Credit Card Data Scanner (DLP) Inspects the endpoints for storage of sensitive or PCI-prohibited data including credit card data and full magnetic stripe data. Businesses with payment applications
    Businesses with computers
    Unauthorized Device Monitoring Inventories the local network as well as monitoring for unknown rogue devices. Businesses with payment applications
    Businesses with computers
    File Integrity Monitoring (FIM) Detects unexpected or malicious changes to critical system files, directories and registry settings for Windows and Linux OS endpoints. Businesses with payment applications
    Businesses with computers
    SecureTrust Anti-virus (AV) Prevents, detects and removes malicious computer viruses for Windows, Linux, and Android OS endpoints. Businesses with payment applications
    Businesses with computers
    Security Policy Generator Helps the merchant meet the relevant PCI SAQ requirements and speeds the process of showing that compliance. Small merchants who need to comply with PCI DSS
    POS Tracker Helps track and monitor POS equipment for tampering and substitution. Card-present merchants with POS terminals and applications
    Mobile Device Security Audits and reports on security and compliance of the device to enable proactive defense. Mobile Android and iOS POS devices
    Remote Access Security Monitors and tracks remote access software installed and enabled on the endpoint; provides guidance on best practices for configuring remote access securely. Businesses with payment applications
    Businesses with computers
    Web Malware Monitoring Regular monitoring for malware that may be present on the merchant's website. It also tracks other issues that may affect consumer confidence in the website, such as being listed on a search engine blacklist, domain hijacking, and expired SSL certificates. Ecommerce merchants
    Businesses with websites

    As an additional service in today's hostile cybercrime environment, you can also bundle in Breach Coverage as a safety net for your merchants, to help cover the cost of a breach.

    Help Merchants Manage Security and Streamline Compliance

    The experience of using TrustKeeper PCI Manager and the SMB Security Toolkit is simple and efficient for your merchants. They are guided through the workflow of implementing security best practices and achieving and maintaining compliance.


    The workflow begins by capturing basic information about the merchant's business and business environment.


    Merchants are prompted to install the security tools you have integrated in to your program.


    PCI Manager with the SMB Security Toolkit simplifies the process for your merchants by presenting them a pathway that’s customized to their business. Our intelligent PCI Wizard walks them step-by-step through the process of certifying PCI DSS compliance. The PCI Wizard uses the information the merchant has provided and matches it to the PCI DSS SAQ, even prefilling some of the questions for the merchant.


    Use of the SMB Security Toolkit means that many of the SAQ security questions can be prefilled as shown here. Including security in your program has been shown to substantially increase merchant compliance rates.

    We Support You in Educating, Training and Marketing to Your Merchants

    SecureTrust helps you tackle the biggest hurdle to compliance – awareness - with both standard online education integrated into PCI Manager and custom training and education sessions.

    In addition to the ability to customize your program Welcome page and portal set-up, you'll have help from SecureTrust to get to the right engagement and response from your merchant base. Customized marketing automation builds on our tried-and-true outreach that follows the merchants' behavior through the PCI lifecycle.

    Web Risk Monitoring Helps You Reduce Risk and Expand Services

    The SecureTrust Web Risk Monitoring (WRM) solution offers you a full suite of services for monitoring your merchant portfolio to meet card brand requirements, reducing your risk and expanding your services offerings.

    WRM includes: Transaction Laundering Detection, Content Monitoring, Merchant Intelligence, Malware Monitoring and Custom Monitoring.

    Support When you Need It

    Online Support

    Visit the TrustKeeper support section for contact information

    Email Support

    Fast responses to your questions, day or night.

    Phone Support

    Available 24 hours a day,
    7 days a week.
    +1 (800) 363-1621



  • video thumbnail

    Getting Started with PCI