ControlCase Merchant Manager

More information



What is Merchant Management?

According to VISA :
Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security Standard (DSS) requirements”

And according to MasterCard :
“MasterCard fundamentally views our member Acquirers as owning the acquiring payment channel. Given this perspective, MasterCard works to administer the SDP Program through our Acquirers, working with merchants to further secure the transaction infrastructure.
Please note that acquirers themselves do not need to go through the SDP compliance process but they must manage the SDP process for their merchants.”

Merchant Management is the process that enables card acquirers to ensure that their merchants are compliant with the PCI Data Security Standard and thereby satisfy the demands of the various card brands.

ControlCase Merchant Manager (CMM) is built using the ControlCase IT-GRC Platform and enables organizations (banks, acquirers, service providers etc. ) to manage the compliance of their merchants with the PCI DSS. CMM automates many of the manual tasks associated with the compliance process. When organizations are dealing with thousands of merchants, the process of managing compliance could consume an enormous amount of resources, time and money. CMM enables organizations to reduce all of these by providing a single interface to all compliance processes through a universally accessible web based interface.

Key Features
  • Enable merchants to fill out and submit the required Self Assessment Questionnaires (SAQs)
  • Enable merchants to setup an automated vulnerability scan on a regular basis (quarterly or on demand)
  • Enable merchants to provide any required documentation to the bank or service providers from the secure interface
  • Setup reminders to perform various compliance activities
  • Provide banks and service providers to get a instant dashboard on the compliance status of the whole merchant population, such as - how many merchants are compliant, how many have started the process, how many have not started etc
  • Provide a single repository to store all compliance related information for any audit requirements