When will my program be upgraded?

Your program will be upgraded on March 21^st, 2022. This date cannot be changed as Trustwave is decommissioning the SecureTrust portal, and it will not be available after March 21^st, 2022.

How long will the upgrade take?

The SecureTrust portal will be closed off at 9 a.m. CT on March 21^st, 2022, and the upgraded portal will be available no later than March 24^th, 2022. A message will be placed on the portal to advise visitors that the upgrade is in progress and that the portal is temporarily unavailable.

Is there a dedicated upgrade support team?

Yes, the upgrade support teams are made up of key stakeholders from SecureTrust and Sysnet teams. Your Alliance Manager is part of that team.

Will my Alliance Manager change?

There will be no change in the SecureTrust personnel associated with your account.

How do I request support?

You can continue to request support via the usual channels. You can contact your Alliance Manager, Project Manager or Support team. You can contact the Support team by emailing support@securetrust.com or call 312-267-3212 Option 1, or via your custom contact information.

How will my merchants be notified?

Merchants can be notified via the portal and via email communications.

Portal notifications: A pop-up message will display on the portal to advise merchants that they should complete any in-progress work before the upgrade, or it will be lost. After the upgrade has taken place, merchants who have not logged in and reset their passwords will be provided with a link to do so in all standard program communications. The portal login page will also include a message advising that passwords need to be re-set by clicking ‘Forgot Password’ if accessing the portal for the first time post-upgrade.

Email notifications: Pre-upgrade emails can be sent advising merchants that they should complete in-progress SAQs before the upgrade or their work will be lost. A post-upgrade email can be issued to advise merchants that the upgrade is complete, with a link to the portal to reset their password.

What branding will my merchants see on the portal?

Portal branding will not change.

Are the URL for the portal and associated email aliases changing?

No, the URL and the support email remain unchanged.

What happens if the merchant has an in-progress SAQ at the time of upgrade?

In-progress SAQs will not move over. We can issue pre-upgrade comms to encourage merchants to complete any in-progress work on the portal before the upgrade so that it is moved across; otherwise, they will have to restart their SAQ.

What happens if a merchant has scans scheduled close to or on the day of the upgrade?

We recommend that scans are not set to run around the time of the upgrade. The pre-upgrade communications will encourage merchants to check the timing of their next scan. We suggest that merchants do not schedule scans within 5 days of the upgrade date to give time to run the scan and attest to a passing scan. The information will be passed into the new portal if this is completed by March 16^th, 2022. If a scan fails, we recommend rescheduling the scan in the new portal as soon as possible after the upgrade.

What happens if a merchant has scans scheduled after the upgrade?

Scans scheduled after the upgrade will not be carried over to the new portal, they should be rescheduled in the new portal.

What happens to disputes on scans that run prior to the upgrade?

Previously resolved disputes will come across in historical passing scans. However, in-progress scans, including scans with open disputes, will not be brought across. These scans should be re-run on the new portal, and the team will work with the merchant to resolve any disputes.

What about merchants that have an SAQ expiring close to the upgrade date?

We encourage merchants whose SAQs are expiring close to the upgrade date to review and re-submit prior to the upgrade. We encourage this in the suggested pre-upgrade communications. If a merchant does not re-submit a passing SAQ before the upgrade date, Sysnet will send automated ‘SAQ expired’ notifications from the new portal.

Will scanning frequency change?

Compliance impacting scan merchants can schedule individual scans as well as set up quarterly scan schedules for static IP assets to assist in maintaining their compliance with PCI DSS requirements. Once the merchant has a passing and attested scan, the result is valid for 90 days with their current assessment. If they subsequently run scans and fail within that 90-day period, it will not impact their scan compliance or overall PCI DSS compliance status. There has been no change in this area with respect to scan compliance maintenance.
Merchants with no scan compliance requirement who would like to scan their environments can continue to do so. These scans can be scheduled once-off or via monthly schedule for static IP addresses. Results will not impact their overall compliance but will indicate if the scanned assets present any vulnerabilities for the merchant to remediate.

Can merchants still scan “on-demand”?

Yes, merchants can still schedule single scans to run whenever they wish.

Will monthly scanning be supported?

Initially, monthly scanning will not be supported but will follow shortly after.
Compliance impacting scan merchants can schedule individual scans as well as set up quarterly scan schedules for static IP assets to assist in maintaining their compliance with PCI DSS requirements. Once the merchant has a passing and attested scan, the result is valid for 90 days with their current assessment. If they subsequently run scans and fail within that 90 day period, it will not impact their scan compliance or overall PCI DSS compliance status. There has been no change in this area with respect to scan compliance maintenance.
Merchants with no scan compliance requirement who would like to scan their environments can continue to do so. These scans can be scheduled once-off or via monthly schedule for static IP addresses. Results will not impact their overall compliance, but will indicate if the scanned assets present any vulnerabilities for the merchant to remediate.

Will the Endpoint product still work, and will there be a Sysnet alternative available?

Upon upgrade, all merchants will have access to the Sysnet Protect desktop agent. Sysnet Protect will provide cardholder data discovery scanning, device security configuration scanning, network monitoring for connected devices, and PA-DSS application detection on each device running the software.

What about merchants that were pre-registered in the current portal but had not completed registration prior to the upgrade?

After the upgrade, merchants who had not registered in the current SecureTrust portal will receive an email with access credentials for the new portal.

What about merchants that have an SAQ expiring close to the upgrade date?

We encourage merchants whose SAQs are expiring close to the upgrade date to review and re-submit prior to the upgrade. We encourage this in the suggested pre-upgrade communications. If a merchant does not re-submit a passing SAQ before the upgrade date, Sysnet will send automated ‘SAQ expired’ notifications from the new portal.

What about merchants that were pre-registered in the current portal but had not completed registration prior to the upgrade?

After the upgrade, merchants who had not registered in the current SecureTrust portal will receive an email with access credentials for the new portal.

Will I/my merchants be locked out of the portal during the upgrade?

Access to the SecureTrust portal will be disabled for a period of time. During the upgrade, a message will display advising that the portal is temporarily unavailable and to check back later.

Is the sponsor/partner experience changing with the upgrade?

There will be some differences in the sponsor/partner experience. Training videos will be provided.

Will my sponsor/partner access move at the same time as merchants?

Yes, partner/sponsor access will move at the same time. You will receive an email from the new portal with a link to the portal to reset your password once the upgrade is complete.

What sponsor users will be made available in Sysnet post-upgrade?

By default, only SecureTrust PCI Manager Sponsor Users that are active (including those that are locked out) and logged into the portal within the last 12 months will be re-created in the Sysnet system. Disabled Sponsor Users will not be re-created.

As a merchant, will my SecureTrust login details work on the new portal?

SecureTrust usernames will be carried over. For security reasons, passwords will need to be reset. Users will receive an email from the new portal with a link to the portal to reset their password.

As a partner, will my SecureTrust login details work on the new portal?

SecureTrust usernames will be carried over. For security reasons, passwords will need to be reset. Users will receive an email from the new portal with a link to the portal to reset their password.

What historical merchant data will move across with the transition?

Historical data entries will be brought over. We will endeavour to bring over documentation.

As a partner user, what reports will I get with Sysnet?

There will be some differences in partner reporting. Training videos will be provided.

A version of the SecureTrust merchant detail report will also be available for download/file transfer. Please contact your Alliance Manager or Project Manager for more information and to enable.

There is also a generic merchant status file which is the Sysnet equivalent to the merchant detail report. It is available for download from the portal daily and can be transferred over sftp on request. It includes much of the same information and more. See here here for more details.

Will SSO continue to work?

Like SecureTrust, Sysnet supports SAML. If you wish to maintain SSO, please request Sysnet SAML service provider metadata. You will need to share the updated metadata from your IDP. A guide with expected changes and requirements can be found here, please reach out to your Alliance Manager or Project Manager for further assistance.

As a partner user, how do I board new merchants onto the portal?

Partners not using a data feed, will be provided with a new boarding file. You can find information on boarding files here. Please reach out to your Alliance Manager or Project Manager to discuss details.

Can the SecureTrust portal be accessed after the upgrade?

The SecureTrust portal will not be able to be accessed after the upgrade. Some SecureTrust personnel will have access to the portal for a few days after the upgrade, but they will also lose access on March 31^st, 2022.

How will I receive training for the portal?

Click here to view the Merchant portal demo.
Click here to view the Partner portal demo
Click here to access How-to user guide for partners.

Will my merchants get training for the new portal?

Merchants will be provided with links to a Merchant portal demo video and a how-to user guide for merchants.

What happens if my organization does not want to upgrade?

If your organization does not wish to upgrade, Trustwave will permanently disable your portal; therefore, any existing SecureTrust partner that has not upgraded by March 24, 2022, will lose access to their program and all data associated with it, as will merchants. We recommend that all partners upgrade to ensure they and their merchants do not lose this data.

Who do I talk to if I have more questions?

If you have additional questions, please talk to your Alliance Manager or Project Manager.

Will I still have access to the merchant detail report?

We will have a version of the merchant detail report available for you to consume. A CSV version of the report will be generated daily and made available to download from the partner portal. The initial version of this report will include all MIDs (new, active, closed) for you and your sub-sponsors in one file. If you have any custom metadata that we are unable to map, it will not initially be available in the report. See here for more details.

The full refresh XML version of the merchant detail report will also be generated and provided to those clients who currently receive it. Please ensure you have discussed file exchange details and frequency with your Alliance Manager or Project Manager.

There is also a generic merchant status file which is the Sysnet equivalent to the merchant detail report. It is available for download from the portal daily and can be transferred over sftp on request. It includes much of the same information and more. See here here for more details.

Will I still receive the merchant detail report via the reporting data feed?

You will receive the version of the merchant detail report as specified above via your usual data feed. The location of the file exchange server and credentials will change. The report headers are the same as you would normally expect; however, there are some additional columns that you can ignore. We will look to enhance this following the upgrade. Please reach out to your Alliance Manager or Project Manager for further assistance getting details for your new file exchange server.