Understanding PCI Compliance Validation Portals

February 3, 2026


Most merchant processors require or recommend an online system for their customers to prove each year that they’re compliant with the Payment Card Industry Data Security Standard (PCI DSS). Most brick-and-mortar small businesses, such as Ace Hardware stores, fall into “Tier 4” for PCI compliance, which means they self-attest that they are compliant. It is the responsibility of the business to ensure it meets all the compliance requirements. Unfortunately, a business that does not meet them will only find out after there is a data incident.

PCI Compliance Validation Portals – like SecureTrust and SecurityMetrics – assist with the self-assessment questionnaire and network scans, but they don’t secure networks or fix POS or Windows issues.

DilSe.IT does not provide a compliance validation service, but as the cybersecurity training partner for Ace, we do help Ace retailers set up the service and complete the process. We also help Ace stores create a secure technology environment that supports the PCI DSS.

Ace Hardware stores often use one of two merchant processors:

  • Ace Bankcard Program – This is Ace’s preferred program used by the majority of stores. The program is provided through Bank of America. As of January 2026, the Ace Bankcard Program does not provide or recommend a PCI Compliance Validation Service. For these clients, DilSe.IT generally recommends using SecureTrust. This is a paid service and the store is responsible for the nominal annual subscription.
  • Epicor Payment Exchange (EPX) – Many Ace stores also use Epicor’s merchant services. Epicor provides free access to the SecurityMetrics portal for EPX customers.

There are a variety of other portals provided by other merchant processors – many of these are “white label” versions of the TrustWave or ControlScan portals. For example: Clover – Fiserv (First Data) – TrustWave Portal.

All of these portals handle the same basic functions for Ace retailers:

  • Self-Assessment Questionnaire (SAQ) completion
  • Self-attestation of compliance
  • Quarterly network scans (if required)
  • Periodic email reminders of compliance actions required

While these portals validate compliance based on the self-assessment responses, they do not:

  • Secure networks
  • Create cybersecurity policies or network and data flow diagrams
  • Configure POS systems
  • Fix Windows issues
  • Prevent phishing or stop ransomware
  • Provide employee training

Having access to a PCI Compliance Validation Service is not sufficient to ensure PCI compliance. Additional services from DilSe.IT are also very beneficial for making your store cybersecure. Visit our AceNet landing page (requires login) to learn more.