The Payment Card Industry Data Security Standard (PCI DSS) is managed by the PCI Security Standards Council (PCI SSC). Founded in 2006 by the five biggest credit card providers: MasterCard, Visa, Discover, Amex and JCB International, the Council ensures that merchants (sellers and organizations) meet the required levels of security when they store, process and transmit cardholder data.
Being PCI compliant is not a requirement by law. However, it is highly advisable that merchants who accept card payments follow the regulations set by the PCI SSC to avoid any potential data infringement and to avoid hefty non-compliance fees. The requirements for becoming PCI compliant are relative to how your company operates.
Each level will require merchants to complete the relevant PCI DSS Self Assessment Questionnaire (SAQ), provide evidence that the merchant has completed and passed a vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV), and complete and submit the Attestation of Compliance (AOC) to your acquirer.
For more information, you can reach our payment support at [email protected] or call them directly at +1 (800) 982-6419
To get to your PCI compliance Portal, supported by Secure Trust:
Login to your Cardpointe Merchant Portal at Cardpointe.com
Using your navigation bar at the top, select My Account
On the account sub tab, find and select the Not Compliant hyperlink to open the Secure Trust Portal.
Step Two
Step Three
Need help accessing your Merchant Portal? Click here!
Creating your Business Profile
Before you are able to review your secure trust portal, and complete your Compliance Survey, you'll need to create your business profile.
Please enter your Contact Email, Contact Name, Mobile Number and select your Language Preference. If you wish, you can also add an additional contact email.
Once all items are entered, select Next.
On the following page, select Start Business Profile
On the Before You Begin page, select Next to continue
On the Pick an Assessment Method page, choose Expert
Then select Next to continue
On the following page, please select No for both questions to be sorted into the correct Survey type.
Then select Next to continue
On the A summary of how and where you handle card payments, please answer these questions per your business type.The first question should be answered with your type of Retail location. For example, Salon, Spa, Grooming Salon, Recreation Facility, Veterinary Clinic or Tattoo Salon.
For the Second, enter your type of Card Processing Device. For example, Clover Flex or Clover Mini.
The Last question should be answered with what industry you are in. Common examples are Spa, Vet, Pet, Salon, Recreation, Tattoo etc.
Completing your PCI Questionnaire
Failure to complete your PCI Compliance within 60 days of your account being approved will result in an additional fee placed on your merchant statement.
After completing these questions, you will be taken to your Secure Trust Portal.
Under ‘Your Business Profile’ make sure that SAQ type P2PE is displayed.
Once you have confirmed the correct SAQ type has been selected, click Begin Step under the Complete your Security Assessment section.
If the SAQ type is not P2PE, select manage and follow the steps above to resort your business type to the correct SAQ
After selecting Begin Step, you will be taken to your Compliance Survey.
Depending on your industry, there will be approximately 25-30 Questions
As you complete questions, they will clear from the form. Your section progress is located on the right of the screen.
You may see a question that asks you to fill in the “Completion Date”. For your first time completing PCI compliance, please make sure to fill in the current date. Then answer any remaining questions.
Please note, to become compliant you will need to answer Yes to each question.
The Final step is to Confirm Your Compliance.Under Your Organization Information Details enter your Title. Typical answers are Owner, Manager, or Co-Owner.
Under the section Merchant Executive Officer, again enter your Title.
Lastly, under Information for Submission select Confirm your Attestation
You do not need to enter telephone number, email or business address in this section.
Once confirmed you will then be taken back to the main menu where you will see “You’re Compliant”
Congratulations! Your Compliance Survey is Complete!
FAQS
Q. How Often does the PCI survey need to be completed?
A. Your PCI compliance is good for a full calendar year from the date of completion.
Q. How can I receive a notification when I need to become compliant again?
A. You can select to receive an email when you become Non-Compliant again from your notification configuration under your Dashboard. For additional support, check out this article.
Q. My SAQ type isn’t P2PE, what should I do?
A. To resort your business profile into the right SAQ, select the manage button on your business profile section. Follow the guide above, making sure your correct industry and device type have been entered. If you are still sorted incorrectly, please give our support team a call.
Q. What happens if I do not complete my PCI Compliance?
A. Failure to complete your PCI Compliance within 60 days of your account being approved will result in an additional fee placed on your merchant statement. Please note, refunds for these fees are typically unable to be provided. As always, contact support if you have any issue at all completing your PCI compliance.